- SAPHanaSR
-
- Version bump to 0.162.1
* fix for SAPHanaTopology failing with error code 1
(OCF_ERR_GENERIC) during a normal stop action
(bsc#1207466)
* set srhook attribute to PRIM during a probe so that we do not
need to wait for the first srConnectionChanged() to set the
attribute
(bsc#1205535)
- Version bump to 0.162.0
* add improvements from SAP to the RA scripts regarding the
handling of the SAP tools 'HDB version', 'HDBSettings.sh' and
'pycd' and the SAPHana log filter handling
(jsc#PED-1739, jsc#PED-2608)
* fix for SAPHanaSR-monitor reporting "/LPA status of one node is
missing"/
(bsc#1192963, bsc#1203973)
* SAPHanaSRTools.pm: shows terminate node attribute too
- remove patch:
0001-bsc-1192963.patch
- SAPHanaSR-monitor not reporting correctly
(bsc#1192963)
add patch:
0001-bsc-1192963.patch
- Version bump to 0.161.1_BF
- add the required 'xmllint' to the package
(bsc#1201945)
- changes to the demote_clone function of the resource agent:
if the role is '1:P' (topology agent run into timeouts) the
function fail with rc=1, to get the managed resource stopped
changes to the stop_clone function of the topology agent:
call landscapeHostConfiguration.py and set the roles as they were
reported. If the command timed out, set the role to '1:P' and
return 1 to get the node fenced.
The used timeout for the landscapeHostConfiguration.py call can
be configured by the cluster action timeout, if needed. It will
be 50% of the action timeout or the minimum of 300s.
(bsc#1198127)
- add new HA/DR provider hook susChkSrv
(jsc#PED-1241, jsc#PED-1240)
- add new tool SAPHanaSR-manageProvider to show, add and delete
HA/DR provider sections in the global.ini of SAP HANA.
- update suse icon to new branding
- SUSEConnect
-
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
SCC will be stored inside of the credentials file for later use on API calls.
This way we add system clone detection for systems using this version of SUSE
Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
information in SCC and proxies more accurate. (bsc#1196076)
- binutils
-
- Add binutils-maxpagesize.diff for a problem on old code
streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
which means obsoleting and hence removing these patches:
binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
binutils-add-z16-name.diff.
Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
[bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
[bsc#1193929] aka PR28694 aka CVE-2021-45078
[bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
[bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
[bsc#1202966] aka PR29289 aka CVE-2022-38126
[bsc#1202967] aka PR29290 aka CVE-2022-38127
[bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
[bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
- -weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
needs to support efi-app-aarch64 target. (bsc#1198458)
Adds binutils-add-efi-aarch64-1.diff,
binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Use https for variosu links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
(Fake entry from SLE for tracking purposes:)
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
in crash not accepting some of our .ko.debug files.
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
(forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- Add usage of a SUSE_ZNOW environment variable which allows switching
on "/-z now"/ by default using "/export SUSE_ZNOW=1"/, similar to
the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
* Install symlinks for all target specific tools on
arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
- -unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
- -unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to "/warn"/ will generate a
warning message whenever any multibyte character is encountered. Using the
option to "/warn-sym-only"/ will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packages
in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- cloud-netconfig
-
- Update to version 1.7:
+ Overhaul policy routing setup (issue #19)
+ Support alias IPv4 ranges (issue #14)
+ Add support for NetworkManager (bsc#1204549)
+ Remove dependency on netconfig
+ Install into libexec directory
+ Clear stale ifcfg files for accelerated NICs (bsc#1199853)
+ More debug messages
+ Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
Tumbleweed, update path (poo#116221)
- cloud-regionsrv-client
-
- Update to version 10.0.8 (bsc#1206428)
- Fix regression introduced by 10.0.7. When the hosts file was modified
such that there is no empty line at the end of the file the content
after removing the registration data does not match the content prior
to registration. The update fixes the issue triggered by an index
logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
- Implement functionality to detect if an update server has a new cert.
Import the new cert when it is detected.
- Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
- Credentials are equal when username and password are the same ignore
other entries in the credentials file
- Handle multiple zypper names in process table, zypper and Zypp-main
to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
- compat-openssl098
-
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add patch: openssl-CVE-2022-4304.patch
- crmsh
-
- Update to version 4.1.1+git.1672364762.c6594863:
* Fix: report: Catch read exception (bsc#1206606)
- curl
-
- Security Fix: [bsc#1207992, CVE-2023-23916]
* HTTP multi-header compression denial of service
* Add curl-CVE-2023-23916.patch
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- Security Fix: [bsc#1204383, CVE-2022-32221]
* POST following PUT confusion
* Add curl-CVE-2022-32221.patch
- dbus-1
-
- Fix IO lock contention, causing timeouts; (fdo#102839);
(bsc#1193780).
Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- ------------------------------------------------------------------
- dbus-1-x11
-
- Fix IO lock contention, causing timeouts; (fdo#102839);
(bsc#1193780).
Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dhcp
-
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
- drbd
-
- drbd reporting: drbd data0/0 drbd0 lnxxxx-pa: Retrying drbd_rs_del_all() later (bsc#1207127)
* bsc1207127-01_drbd-Pause-sync-souce-when-we-decide-to-pause-a-sync.patch
* bsc1207127-02_drbd-Fix-setting-other-repl-state-in-other-connectio.patch
* bsc1207127-03_drbd-fix-termination-of-verify-with-stop-sector.patch
* bsc1207127-04_drbd-do-not-execute-drbd_resync_finished-if-work-is.patch
- Fix for bug 1189995 slows down full resync significantly (bsc#1203931)
- replace patch:
- fix-stuck-resync-when-cancelled.patch
with three patches:
+ bsc-1189995-01_drbd-Improve-the-resync-controller-for-fast-back-end.patch
+ bsc-1189995-02_drbd-Fix-stuck-resync-when-many-resync-requests-are-.patch
+ bsc-1189995-03_drbd-Fix-handing-of-P_NEG_RS_DREPLY-packet.patch
- other new patches:
+ bsc-1203931-01_drbd-re-introduce-occasional-resync-verify-progress-.patch
+ bsc-1203931-02_drbd-Improve-naming-of-constant-SLEEP_TIME-RS_MK_REQ.patch
+ bsc-1203931-03_drbd-fix-regression-never-ending-online-verify.patch
+ bsc-1203931-04_drbd-fix-VerifyT-being-stuck-when-using-verify-with-.patch
+ bsc-1203931-05_drbd_req-initialize-cong_fill-and-cong_extents.patch
+ bsc-1203931-06_drbd-fixes-ahead-behind-with-multi-volume-resources.patch
+ bsc-1203931-07_drbd-fix-invalid-iterator-usage-in-rcu-contexts.patch
+ bsc-1203931-08_drbd-fix-NULL-deref-in-request_timer_fn-with-disk-ti.patch
+ bsc-1203931-09_drbd-Scan-bitmap-per-peer-instead-of-once-for-the-de.patch
+ bsc-1203931-10_drbd-Never-keep-a-bitmap-uuid-value-if-there-is-no-b.patch
+ bsc-1203931-11_drbd-Fix-a-temporarily-paused-resync-to-make-progres.patch
+ bsc-1203931-12_drbd-One-more-fix-to-make-sure-a-temporarily-paused-.patch
+ bsc-1203931-13_drbd-fix-slow-sync-when-sync-requests-are-answered-q.patch
+ bsc-1203931-14_drbd-fix-incorrect-decrement-of-counter-in-protocol-.patch
+ bsc-1203931-15_drbd-fix-missing-decrement-of-unacked-counter-on-err.patch
+ bsc-1203931-16-drbd-fix-crash-when-c_max_rate-is-set-to-zero.patch
+ bsc-1203931-17_drbd-only-reschedule-resync-quickly-if-resync-sector.patch
+ bsc-1203931-18_drbd-avoid-blocking-application-IO-by-continually-lo.patch
+ bsc-1203931-19_drbd-Fix-read-access-after-free.patch
- expat
-
* (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- Security fix:
- glibc
-
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- pthread-cond-wait-stack-align.patch: x86: fix stack alignment in
pthread_cond_[timed]wait (bsc#1196852)
- gnutls
-
- sysrng-linux: re-open /dev/urandom every time [bsc#1204763]
* Control the file descriptor closing method
* Backported from c95312c5831be5418dc02a86d72bcd1eafd4c145
* Add gnutls-re-open-dev_urandom-every-time.patch
- grub2
-
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
- Make linuxefi default command as linux (bsc#1176134) (bsc#1202838)
* 0001-Fix-symbols-appearing-in-several-modules-in-linux.patch
* 0002-linux-fixup.patch
* 0003-cmdline-Provide-cmdline-functions-as-module.patch
* 0004-efi-linux-provide-linux-command.patch
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520)
* 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
- Remove zfs modules (bsc#1205554)
* grub-remove-zfs-modules.patch
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- fs/xfs: add bigtime incompat feature support (bsc#1203387)
* grub2-fs-xfs-Add-bigtime-incompat-feature-support.patch
- hawk2
-
- Fix detection of partial upgrade (bsc#1196673)
* bsc#1196673-fix-detection-of-partial-upgrade.patch
- jasper
-
- security update:
* CVE-2022-2963 [bsc#1202642]
+ jasper-CVE-2022-2963.patch
- java-1_7_1-ibm
-
- IBM Security Update November 2022: [bsc#1205302, bsc#1204703]
* The security vulnerability CVE-2022-3676 was fixed in version
7.1.5.15, adding the reference here.
- kernel-default
-
- vxlan: changelink: Fix handling of default remotes (git-fixes).
- commit 353bf78
- vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
- commit 4d54675
- net: aquantia: fix RSS table and key sizes (git-fixes).
- commit 3b040c8
- bonding: fix 802.3ad state sent to partner when unbinding slave
(git-fixes).
- commit 45191af
- vlan: Fix vlan insertion for packets without ethernet header
(git-fixes).
- commit 95ac5e1
- vlan: Fix out of order vlan headers with reorder header off
(git-fixes).
- commit 59cf369
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
(CVE-2023-1118 bsc#1208837).
- commit e793953
- xfrm: Copy policy family in clone_policy (git-fixes).
- commit 9d47068
- netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
- commit 8eff166
- netfilter: xt_connlimit: don't store address in the conn nodes
(git-fixes).
- commit b335237
- icmp: don't fail on fragment reassembly time exceeded
(git-fixes).
- commit ba8013a
- scsi: qla2xxx: Add option to disable FC2 Target support
(bsc#1198438 bsc#1206103).
- Delete
patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 6206180
- KABI FIX FOR: NFS: Pass error information to the pgio error
cleanup routine (git-fixes).
- commit 00c859b
- KABI FIX FOR - SUNRPC: Fix priority queue fairness (git-fixes).
- commit 91b67c9
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit c0b9b40
- kabi/severities: add l2tp local symbols
- commit 63a39ae
- l2tp: Serialize access to sk_user_data with sk_callback_lock
(bsc#1205711 CVE-2022-4129).
- commit ef8f012
- l2tp: fix race in duplicate tunnel detection (bsc#1205711
CVE-2022-4129).
- commit 6a8247c
- l2tp: fix races in tunnel creation (bsc#1205711 CVE-2022-4129).
- commit 4e92c0b
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit d76f4ba
- nfsd: fix race to check ls_layouts (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
(git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
(git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
failure (git-fixes).
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
(git-fixes).
- NFS: Pass error information to the pgio error cleanup routine
(git-fixes).
- SUNRPC: Fix priority queue fairness (git-fixes).
- commit 24274be
- blacklist.conf: updates
- commit 79d0f01
- blacklist.conf: powerpc math emulation is not used
- commit 7904b57
- blacklist.conf: 8e1278444446 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
- commit 1292ac8
- powerpc/fscr: Enable interrupts earlier before calling
get_user() (bsc#1065729).
- Refresh patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch
- powerpc/powernv: Fix build error in opal-imc.c when NUMA=n
(bsc#1065729).
- commit 9101ec0
- powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
- powerpc/powernv: IMC fix out of bounds memory access at shutdown
(bsc#1065729).
- commit f7b6c1a
- blacklist.conf: Add oops_limit accretion disk
- commit 26414f9
- blacklist.conf: fda31c50292a signal: avoid double atomic counter increments for user accounting
- commit ad47077
- blacklist.conf: Add 11e31f608b49 watchdog/softlockup: Enforce that timestamp is valid on boot
- commit 312b206
- ipmi: fix initialization when workqueue allocation fails
(git-fixes).
- commit 62cff13
- ipmi: msghandler: Make symbol 'remove_work_wq' static
(git-fixes).
- commit f48a444
- blacklist.conf: Add 0e48f51cbbfb Revert "/libata, freezer: avoid block device removal while system is frozen"/
- commit 3b5d052
- net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
- commit 354903d
- net: bmac: Fix read of MAC address from ROM (git-fixes).
- commit f260cf5
- net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
- commit b08ffb4
- Refresh patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit e51ef45
- Revert "/af_unix: fix races in sk_peer_pid and sk_peer_cred accesses"/
This reverts commit e49e1b0f7e662d5b071015f05ead8185cb31f049
since it breaks the kernel.
- commit f1351a4
- Revert "/sock.h: hide new member (bsc#1194535 CVE-2021-4203)."/
This reverts commit 3cef23f4011eda051233a2e9572ae1d789313f41
since it breaks the kernel
- commit f66a3cf
- SUNRPC: make lockless test safe (bsc#1207201).
- commit 155aec2
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit 3cef23f
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit e49e1b0
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit ec6bedc
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1194535 CVE-2021-4203).
- commit b12b939
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit b1becb2
- net: mpls: fix stale pointer if allocation fails during device
rename (bsc#1208700 CVE-2023-26545).
- commit d61392c
- x86/mm: Randomize per-cpu entry area (bsc#1207845
CVE-2023-0597).
- refresh patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch.
- commit 6cab2a4
- block: bio-integrity: Copy flags when bio_integrity_payload
is cloned (bsc#1208541).
- commit 1c1919f
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
(bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
(bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
(bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
(bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
(bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
(bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
(bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
(bsc#1208570).
- commit 649e0ec
- blacklist.conf: feature not a fix
- commit 1443bd3
- blacklist.conf: feature not a fix
- commit ee1e977
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- commit d05158b
- blacklist.conf: cosmetic fix
- commit 4b9f79b
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- commit 2d46d95
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(git-fixes).
- commit 4c304c0
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- commit 7662fa0
- net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans
(git-fixes).
- commit ae05a84
- blacklist.conf: add blacklist
- commit d1dd69b
- blacklist.conf: update blacklist
- commit 8b2622c
- blacklist.conf: update blacklist
- commit 50d7ebf
- blacklist.conf: update blacklist
- commit a32c2b4
- blacklist.conf: update blacklist
- commit 941a0ae
- blacklist.conf: update blacklist
- commit ac031d8
- blacklist.conf: kABI
- commit 6c2dd7a
- blacklist.conf: false positive from stable
- commit 4cb1a8d
- net: allwinner: Fix use correct return type for ndo_start_xmit()
(git-fixes).
- commit a06fb6c
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
- commit 8e95e4e
- net: systemport: suppress warnings on failed Rx SKB allocations
(git-fixes).
- commit 34c447d
- net: bcmgenet: suppress warnings on failed Rx SKB allocations
(git-fixes).
- commit e3d888b
- net/mlx5e: Set of completion request bit should not clear
other adjacent bits (git-fixes).
- commit 1fccfde
- net: stmmac: Fix sub-second increment (git-fixes).
- commit 7bcb4c9
- blacklist.conf: regression due to missing feature in boot loader
- commit d40e68d
- xhci: Don't show warning for reinit on known broken suspend
(git-fixes).
- commit 60f17f0
- USB: serial: console: move mutex_unlock() before
usb_serial_put() (git-fixes).
- commit e9ada32
- USB: serial: ch341: fix disabled rx timer on older devices
(git-fixes).
- commit 1f1a3d6
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit f44e5ac
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
(git-fixes).
- commit c8ee3cd
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
(git-fixes).
- commit d5892e7
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 3dadb30
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- commit 9a54c12
- blacklist.conf: remove duplicated entry
- commit 09dbb7d
- prlimit: do_prlimit needs to have a speculation check
(git-fixes).
- signal handling: don't use BUG_ON() for debugging (git-fixes).
- panic: unset panic_on_warn inside panic() (git-fixes).
- ptrace: make ptrace() fail if the tracee changed its pid
unexpectedly (git-fixes).
- don't dump the threads that had been already exiting when zapped
(git-fixes).
- kernel/sys.c: avoid copying possible padding bytes in
copy_to_user (git-fixes).
- commit b9bfdd9
- kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
- Refresh patches.suse/supported-flag.
- commit d60d0fc
- blacklist.conf: add couple CORE patches
- commit 40318d8
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit 381f355
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- commit 4a8728c
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- commit 7a53afd
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(git-fixes).
- commit 4eade98
- net: usb: lan78xx: don't modify phy_device state concurrently
(git-fixes).
- commit 6ef7677
- blacklist.conf: add a cleanup to disable -Wmaybe-uninitialized
- commit 5840861
- blacklist.conf: duplicate
- commit 59bea49
- blacklist.conf: add a mips-only specific revert
- commit 2cf8eeb
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
(git-fixes).
- commit 4e09bf9
- blacklist.conf: add a not-strictly needed fw-loading fix
- commit 229946b
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- commit 4cc9e19
- net: usb: sr9700: Handle negative len (git-fixes).
- commit e4e2a28
- usb: rndis_host: Secure rndis_query check against int overflow
(CVE-2023-23559 bsc#1207051).
- commit e207be8
- xfs: Fix unreferenced object reported by kmemleak in
xfs_sysfs_init() (git-fixes).
- commit 8137300
- xfs: fix realtime bitmap/summary file truncation when growing
rt volume (git-fixes).
- commit e4116fa
- xfs: make sure the rt allocator doesn't run off the end
(git-fixes).
- commit 6e43199
- xfs: initialize the shortform attr header padding entry
(git-fixes).
- commit 362da99
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
- commit 80c6365
- xfs: fix partially uninitialized structure in
xfs_reflink_remap_extent (git-fixes).
- commit 9049b82
- xfs: fix mount failure crash on invalid iclog memory access
(git-fixes).
- commit 1d08499
- xfs: fix attr leaf header freemap.size underflow (git-fixes).
- commit 1653047
- xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
- commit ab6f871
- xfs: require both realtime inodes to mount (git-fixes).
- commit 2e5ec52
- xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
- commit fcdc154
- xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
- commit 2114c43
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit e1a86c1
- blacklist.conf: Blacklist the patch below
- Delete
patches.suse/ext4-don-t-BUG-if-someone-dirty-pages-without-asking.patch
to replace it with a better alternative we have in other branches
- commit d1f6219
- x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
- Refresh
patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch.
- commit 04b9b60
- cpu/hotplug: Fix "/SMT disabled by BIOS"/ detection for KVM
(git-fixes).
- kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
- Refresh
patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 450f659
- x86/hpet: Prevent potential NULL pointer dereference
(git-fixes).
- x86/mm: Don't leak kernel addresses (git-fixes).
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
(git-fixes).
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15
models (git-fixes).
- x86/kexec: Don't setup EFI info if EFI runtime is not enabled
(git-fixes).
- x86/fpu: Add might_fault() to user_insn() (git-fixes).
- commit 5915eb8
- x86/speculation: Remove SPECTRE_V2_IBRS in enum
spectre_v2_mitigation (bsc#1068032 CVE-2017-5754).
- Refresh
patches.suse/x86-retpoline-remove-minimal-retpoline-support.patch.
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
patches.suse/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch.
Make IBRS patches closer to upstream.
- commit 4cf6d38
- x86/speculation: Add support for STIBP always-on preferred mode
(git-fixes).
- x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
- Refresh
patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch.
- Refresh
patches.suse/x86-speculation-avoid-force-disabling-ibpb-based-on-stibp-and-enhanced-ibrs.patch.
- Refresh
patches.suse/x86-speculation-merge-one-test-in-spectre_v2_user_select_mitigation.patch.
- Refresh
patches.suse/x86-speculation-pr_spec_force_disable-enforcement-for-indirect-branches.patch.
Update STIBP patches to be closer to upstream.
- commit 1ef4c9a
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit 9894e8b
- x86/earlyprintk: Add a force option for pciserial device
(git-fixes).
- x86/mce-inject: Reset injection struct after injection
(git-fixes).
- kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not
fault on bad stack (git-fixes).
- x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
- commit f94b2cc
- blk-mq: fix possible memleak when register 'hctx' failed
(git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
(git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- commit e68f2dc
- blacklist.conf: add non-backport git-fixes commit
- commit b53530a
- x86: boot: Fix EFI stub alignment (git-fixes).
- commit 35efa28
- x86/bugs: Move the l1tf function and define pr_fmt properly
(git-fixes).
- Refresh
patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
patches.suse/0007-x86-kvm-Allow-runtime-control-of-L1D-flush.patch.
- Refresh
patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
- Refresh
patches.suse/x86-speculation-mds-add-mitigation-control-for-mds.patch.
- Refresh
patches.suse/x86-speculation-reorder-the-spec_v2-code.patch.
- Refresh
patches.suse/x86-speculation-support-mitigations-cmdline-option.patch.
- commit 1843a69
- Refresh patches.suse/x86-l1tf-06-add-sysfs-report.patch.
- Refresh
patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
Update to upstream version (X86_FEATURE_L1TF_PTEINV).
- commit 89f9e4a
- blacklist.conf: Add 86989c41b5ea signal: Always ignore SIGKILL and SIGSTOP sent to the global init
- commit bed9df8
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit a63545b
- blacklist.conf: Add a4055888629b mm/memcg: warning on !memcg after readahead page charged
- commit df06b7b
- blacklist.conf: Add 9a137153fc87 mm/memcg: fix device private memcg accounting
- commit 633912b
- blacklist.conf: Add d477f8c202d1 cpuset: restore sanity to cpuset_cpus_allowed_fallback()
- commit 53f3608
- net: mana: Fix IRQ name - add PCI and queue number
(bsc#1207875).
- commit b36fcf8
- x86/asm: Add instruction suffixes to bitops (git-fixes).
- x86/entry/64: Add instruction suffix (git-fixes).
- kprobes, x86/alternatives: Use text_mutex to protect
smp_alt_modules (git-fixes).
- x86/asm: Remove unnecessary nt in front of CC_SET() from
asm templates (git-fixes).
- blacklist.conf: remove it from there
- commit 42cc16d
- blacklist.conf: add some x86 commits
- commit 9547ab1
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
CVE-2023-0045).
- commit 18b587b
- tracing: Make sure trace_printk() can output as soon as it
can be used (git-fixes).
- commit 15c6ed8
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
print_trace_line (git-fixes).
- commit 720bed5
- jbd2: use the correct print format (git-fixes).
- commit 022b5a0
- tracing: Avoid adding tracer option before update_tracer_options
(git-fixes).
- commit 3c24529
- tracing: Fix sleeping function called from invalid context on
RT kernel (git-fixes).
- commit f5a6b6f
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
(git-fixes).
- commit d9419a4
- tracing: Ensure trace buffer is at least 4096 bytes large
(git-fixes).
- commit 73dee6a
- tracing: Fix tp_printk option related with
tp_printk_stop_on_boot (git-fixes).
- commit 9ae70c5
- tracing: Fix a kmemleak false positive in tracing_map
(git-fixes).
- commit 146abd5
- scsi: target: core: Add CONTROL field for trace events
(git-fixes).
- commit 5f4b9f3
- blacklist.conf: add not-relevant tracing fixes
- commit 6dbf1ea
- blacklist.conf: add qcom one thanks to present workaround
- commit 56b5e15
- Refresh
patches.suse/PCI-ACPI-Allow-D3-only-if-Root-Port-can-signal-and-w.patch.
Avoid compiler warning:
drivers/pci/pci-acpi.c: In function ‘acpi_pci_bridge_d3’:
drivers/pci/pci-acpi.c:549:5: warning: unused variable ‘val’ [-Wunused-variable]
u8 val;
^~~
- commit 94c9b34
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
(git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
(git-fixes).
- PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- PCI/ASPM: Declare threshold_ns as u32, not u64 (git-fixes).
- commit 1a1e3cb
- blacklist.conf: Add guards
- d6810d730022 ("/memcg, THP, swap: make mem_cgroup_swapout() support THP"/)
- 00f3ca2c2d66 ("/mm: memcontrol: per-lruvec stats infrastructure"/)
- 1f4aace60b0e ("/fs/seq_file.c: simplify seq_file iteration code and interface"/)
- commit fd302dd
- virtio_console: eliminate anonymous module_init & module_exit
(git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit 04f33be
- Update
patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
(bsc#1206664 CVE-2022-4662).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(bsc#1206664 CVE-2022-4662).
- commit 3097f42
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
bsc#1207795).
- commit 880415e
- blacklist.conf: 8219d31effa7 powerpc/lib/sstep: Fix build errors with newer binutils
Always building for at least POWER8
- commit 224de10
- blacklist.conf: Add fb5bf31722d0 fork: fix some -Wmissing-prototypes warnings
- commit dcf40c8
- blacklist.conf: Add 22839869f21a signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
- commit 4599dd7
- blacklist.conf: Ad db8dd9697238 cgroup-v1: cgroup_pidlist_next should update position index
- commit 6b34bd8
- memcg: remove memcg_cgroup::id from IDR on
mem_cgroup_css_alloc() failure (bsc#1208108).
- commit f958549
- blacklist.conf: Remove spurious whitespace
- commit 79063d5
- blacklist.conf: Add d08afa149acf mm, memcg: fix mem_cgroup_swapout() for THPs
- commit 0c330fd
- blacklist.conf: Add 4eaf431f6f71 memcg: fix per_node_info cleanup
- commit fb05fe9
- blacklist.conf: Add more unsupported ppc architecture paths
- commit e6a4392
- blacklist.conf: PCI bus numbering fixes for unsupported architectures
- commit 507eeac
- Update patches.suse/lightnvm-remove-lightnvm-implemenation.patch
(bsc#1191881 bsc#1201420 CVE-2022-2991).
- commit 125ae88
- blacklist.conf: not a fix, but a cleanup
- commit 6c62aaf
- blacklist.conf: cosmetic
- commit 89c1ac7
- blacklist.conf: feature, not a fix
- commit 7abc364
- blacklist.conf: false positive
- commit 89c7fc0
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
(git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
(git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
(git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
(git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
(git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- Revert "/scsi: core: run queue if SCSI device queue isn't ready
and queue is idle"/ (git-fixes).
- drbd: dynamically allocate shash descriptor (git-fixes).
- drbd: Change drbd_request_detach_interruptible's return type
to int (git-fixes).
- drbd: fix print_st_err()'s prototype to match the definition
(git-fixes).
- drbd: do not block when adjusting "/disk-options"/ while IO is
frozen (git-fixes).
- drbd: reject attach of unsuitable uuids even if connected
(git-fixes).
- drbd: ignore "/all zero"/ peer volume sizes in handshake
(git-fixes).
- commit 0a624a5
- blacklist.conf: Add powerpc inapplicable fixes.
- commit 7e5ff14
- blacklist.conf: Add more unsupported architecture paths
- commit a9d28f3
- blacklist.conf: Giving up on memtrace on 4.12 kernel
It's hopelessly outdated. It may work for some uses but definitely
cannot be fixed to work reliably. It's only available on powernv, anyway.
- commit 52370b2
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 850359a
- blacklist.conf: remove git-fix commit
Added before but now the context appears present.
- commit ca7ebf0
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
Since it is not upstream.
- commit 71b544b
- scsi: smartpqi: use processor ID for hwqueue for non-mq case .
- commit f7c419d
- Revert "/scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)"/
This reverts commit 10f3936c627ef942dd3b1e94d001f74978249b48.
- commit 08dc3b9
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
- commit 4f27069
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- commit 297ccbe
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
Heavily modified, as prerequisites for taking it as is would
utterly ruin kABI
- commit f6a5968
- iforce: restore old iforce_dump_packet (git-fixes).
- commit 4231d1c
- Input: iforce - reformat the packet dump output (git-fixes).
- commit dc68ca6
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
- commit 234f459
- blacklist.conf: designed to break kABI
- commit 8b4ffca
- parisc: Fix HP SDC hpa address output (git-fixes).
- commit 810aa94
- parisc: Fix serio address output (git-fixes).
- commit 0f57ebf
- Input: do not use WARN() in input_alloc_absinfo() (git-fixes).
- commit 84da185
- Input: replace hard coded string with __func__ in pr_err()
(git-fixes).
- commit cda312b
- Input: convert autorepeat timer to use timer_setup()
(git-fixes).
- commit cbdf2f3
- Input: switch to using sizeof(*type) when allocating memory
(git-fixes).
- commit 8f71a2f
- Input: use seq_puts() in input_devices_seq_show() (git-fixes).
- commit 1b69f50
- Input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
- commit f2b9cd4
- blacklist.conf: blacklist drivers/input/touchscreen/stmfts.c
Support for this driver has been added in v4.13 with
78bcac7b2ae1e4f6e96c68ff353c140669ea231c, which we have
not taken in SLE12. Silence the scripts.
- commit 86c295f
- struct dwc3: move new members to the end (git-fixes).
- commit 09b2302
- usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init
during suspend/resume (git-fixes).
- Refresh
patches.suse/usb-dwc3-Disable-phy-suspend-after-power-on-reset.patch.
- commit d6a4fb0
- usb: dwc3: core: Call dwc3_core_get_phy() before initializing
phys (git-fixes).
- commit f2e20db
- usb: dwc3: core: initialize ULPI before trying to get the PHY
(git-fixes).
- commit ca7dae7
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit ba1784c
- tracing/cfi: Fix cmp_entries_* functions signature mismatch
(git-fixes).
- commit 6fe5958
- tracing: Fix stack trace event size (git-fixes).
- commit 6ddfce9
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- commit f3f9c2c
- tracing: Use address-of operator on section symbols (git-fixes).
- commit ff93892
- trigger_next should increase position index (git-fixes).
- commit 6f1b4bf
- ftrace: fpid_next() should increase position index (git-fixes).
- commit c8a082f
- tracing: Set kernel_stack's caller size properly (git-fixes).
- commit b0151c0
- tracing: Adding NULL checks for trace_array descriptor pointer
(git-fixes).
- commit 08a9d55
- ftrace: Enable trampoline when rec count returns back to one
(git-fixes).
- Refresh
patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch.
- Refresh
patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch.
- commit c714737
- ftrace: Fix NULL pointer dereference in
free_ftrace_func_mapper() (git-fixes).
- commit 5646431
- blacklist.conf: add not-relevant ftrace fixes
- commit 5961e96
- blacklist.conf: add a kdb fix which breaks kABI
- commit 7191d79
- blacklist.conf: add a kbuild compiler options cleanup
- commit 5e6755f
- blacklist.conf: add not-relevant fixes for the switch_sched event
- commit ebfa63d
- blacklist.conf: Add upstream config paths.
- commit 55c391f
- xen-netfront: Fix hang on device removal (bsc#1206698).
- commit 619f87d
- HID: check empty report_list in hid_validate_values()
(git-fixes, bsc#1206784).
- commit 0c3e451
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(git-fixes, bsc#1207186).
- commit 29e41ae
- HID: betop: check shape of output reports (git-fixes,
bsc#1207186).
- commit b716c1e
- git_sort: add usb-linus branch for gregkh/usb
- commit ea34985
- audit: ensure userspace is penalized the same as the kernel
when under pressure (bsc#1204514).
- commit 424bf73
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF (CVE-2023-0266 bsc#1207134).
- commit 55a788e
- audit: improve robustness of the audit queue handling
(bsc#1204514).
- commit 6afddf3
- blacklist.conf: Add memcg unusable fixes
- Add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
- Add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers
- Add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
- Add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
- commit 6350151
- dm thin: Use last transaction's pmd->root when commit failed
(git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
(git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
enabled (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
(git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
(git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm btree: add a defensive bounds check to insert_at()
(git-fixes).
- floppy: Add max size check for user space request (git-fixes).
- blk-cgroup: fix missing put device in error path from
blkg_conf_pref() (git-fixes).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(git-fixes).
- cryptoloop: add a deprecation warning (git-fixes).
- virtio-blk: Fix memory leak among suspend/resume procedure
(git-fixes).
- dm space maps: don't reset space map allocation cursor when
committing (git-fixes).
- block: only update parent bi_status when bio fail (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- Revert "/dm cache: fix arm link errors with inline"/ (git-fixes).
- nbd: fix a block_device refcount leak in nbd_release
(git-fixes).
- blk-cgroup: Pre-allocate tree node on blkg_conf_prep
(git-fixes).
- blk-cgroup: Fix memleak on error path (git-fixes).
- nbd: make the config put is called before the notifying the
waiter (git-fixes).
- blk-mq: insert request not through ->queue_rq into sw/scheduler
queue (git-fixes).
- bcache: fix super block seq numbers comparision in
register_cache_set() (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- blktrace: break out of blktrace setup on concurrent calls
(git-fixes).
- blktrace: fix endianness for blk_log_remap() (git-fixes).
- blktrace: fix endianness in get_pdu_int() (git-fixes).
- blktrace: use errno instead of bi_status (git-fixes).
- block/bio-integrity: don't free 'buf' if
bio_integrity_add_page() failed (git-fixes).
- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to
find a zone (git-fixes).
- ps3disk: use the default segment boundary (git-fixes).
- null_blk: fix spurious IO errors after failed past-wp access
(git-fixes).
- Revert "/blkdev: check for valid request queue before issuing
flush"/ (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq
(git-fixes).
- null_blk: Handle null_add_dev() failures properly (git-fixes).
- block, bfq: fix overwrite of bfq_group pointer in
bfq_find_set_group() (git-fixes).
- dm bio record: save/restore bi_end_io and bi_integrity
(git-fixes).
- brd: check and limit max_part par (git-fixes).
- nbd: add a flush_workqueue in nbd_start_device (git-fixes).
- compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
(git-fixes).
- block: fix memleak when __blk_rq_map_user_iov() is failed
(git-fixes).
- nbd: fix shutdown and recv work deadlock v2 (git-fixes).
- nbd:fix memory leak in nbd_get_socket() (git-fixes).
- rsxx: add missed destroy_workqueue calls in remove (git-fixes).
- nbd: verify socket is supported during setup (git-fixes).
- nbd: handle racing with error'ed out commands (git-fixes).
- nbd: fix possible sysfs duplicate warning (git-fixes).
- commit 13f6ec9
- nbd: fix max number of supported devs (git-fixes).
- Refresh for the above change,
patches.suse/0006-nbd-don-t-update-block-size-after-device-is-started.patch.
- commit 0c94304
- nbd: add missing config put (git-fixes).
- loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
- block/bio-integrity: fix a memory leak bug (git-fixes).
- nbd: fix crash when the blksize is zero (git-fixes).
- dm verity: use message limit for data block corruption message
(git-fixes).
- blk-mq: move cancel of requeue_work into blk_mq_release
(git-fixes).
- block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
- block, bfq: increase idling for weight-raised queues
(git-fixes).
- dm thin: add sanity checks to thin-pool and external snapshot
creation (git-fixes).
- zram: fix double free backing device (git-fixes).
- dm flakey: Properly corrupt multi-page bios (git-fixes).
- dm crypt: use u64 instead of sector_t to store iv_offset
(git-fixes).
- dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
- sunvdc: Do not spin in an infinite loop when vio_ldc_send()
returns EAGAIN (git-fixes).
- dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
- amiflop: clean up on errors during setup (git-fixes).
- swim: fix cleanup on setup error (git-fixes).
- drivers/block/zram/zram_drv.c: fix bug storing backing_dev
(git-fixes).
- nbd: handle unexpected replies better (git-fixes).
- nbd: don't requeue the same request twice (git-fixes).
- nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag
(git-fixes).
- commit 687c872
- block: add a lower-level bio_add_page interface (git-fixes).
- Refresh for the above change,
patches.suse/block-remove-bvec_to_phys.patch.
- commit 1c0212c
- dm: Use kzalloc for all structs with embedded biosets/mempools
(git-fixes).
- block/swim: Select appropriate drive on device open (git-fixes).
- block/swim: Fix IO error at end of medium (git-fixes).
- block/swim: Check drive type (git-fixes).
- block/swim: Rename macros to avoid inconsistent inverted logic
(git-fixes).
- block/swim: Don't log an error message for an invalid ioctl
(git-fixes).
- m68k/mac: Don't remap SWIM MMIO region (git-fixes).
- commit 7216c12
- blacklist.conf: Add hung task detector optimizations
- Add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
- Add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
- Add 168e06f7937d kernel/hung_task.c: force console verbose before panic
- Add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
- commit 106657e
- blacklist.conf: Add de5b55c1d4e3 stop_machine: Use raw spinlocks
- commit 70e34be
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
CVE-2022-47929).
- commit a70de61
- blacklist.conf: remove the following commits which will be
backported as git-fixes,
- f01b411f41f91fc3196eae4317cf8b4d872830a6
- 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit f91ec99
- blacklist.conf: add git-fixes commits which won't be backported
- commit b06014b
- ipv6: raw: Deduct extension header length in
rawv6_push_pending_frames (bsc#1207168).
- commit cec1a9b
- blacklist.conf: Blacklist 307af6c87937
- commit c4d1659
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit e12f310
- mbcache: don't reclaim used entries (bsc#1198971).
- commit f6dfab7
- Update tags
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b091c25
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1207195).
- commit b48b001
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit e326580
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit f3bb269
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
(bsc#1065729).
- commit d5cf3c0
- blacklist.conf: Blacklist c915fb80eaa6
- commit 4862158
- blacklist.conf: Blacklist 7159a986b420
- commit 8b03a93
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit ef0b25b
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 903c6ab
- udf: Check LVID earlier (bsc#1207108).
- commit 015783c
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1206646).
- commit a391f82
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit 1573f9a
- udf: Limit sparing table size (bsc#1206643).
- commit 458f745
- udf: Avoid accessing uninitialized data on failed inode read
(bsc#1206642).
- commit ae4803c
- udf: Fix free space reporting for metadata and virtual
partitions (bsc#1206641).
- commit a21c3d0
- udf: Fix BUG on corrupted inode (bsc#1207107).
- commit 142aae1
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit 1fd21c3
- blacklist.conf: Blacklist dd5532a4994b
- commit 1a95452
- blacklist.conf: Blacklist 10f04d40a9fa
- commit 9db6570
- blacklist.conf: Blacklist 6fcbcec9cfc7
- commit a38aa89
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF}
quotactls (bsc#1207104).
- commit 9272ca4
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 9135482
- blacklist.conf: Blacklist 28ce50f8d96e
- commit 4884298
- isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
- commit e46cdb2
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 6127981
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- commit 8e6d6a5
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
(bsc#1207102).
- commit 7338cee
- block, bfq: fix overwrite of bfq_group pointer in
bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
- commit d71d0e3
- blacklist.conf: Blacklist 5c099c4fdc43
- commit 665ce36
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit 7faea59
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 0eea07e
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 7a14dda
- blacklist.conf: Blacklist d1052d236edd
- commit 0c9fa3b
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit bc2f14a
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 9a43afd
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit b5cdb98
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit 49d324e
- blacklist.conf: Blacklist 613c5a85898d
- commit 54c3380
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit b7ada6c
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit c7f8ba9
- ext4: unindent codeblock in ext4_xattr_block_set()
(bsc#1198971).
- commit cd983c4
- blacklist.conf: Blacklist 6bc0d63dad7f
- commit eaa9493
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 7e9aa45
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- commit 2f31cd1
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit 84de60f
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit 65f415c
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 3e25d04
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit cc87a22
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit ede473e
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit 4f9eee6
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit 22a4adc
- ext4: don't BUG if someone dirty pages without asking ext4 first
(bsc#1207097).
- blacklist.conf: Blacklist ea_inode related commits
- commit 9502092
- blacklist.conf: Blacklist 5dccdc5a1916
- commit 4f5adf1
- blacklist.conf: Blacklist b5776e7524af
- commit f1a0a1a
- ext4: Detect already used quota file early (bsc#1206873).
- commit 87720a2
- blacklist.conf: Blacklist 11215630aada
- commit eb3396e
- blacklist.conf: Blacklist 8418897f1bf8
- commit 16639ef
- blacklist.conf: Blacklist 907ea529fc4c
- commit 6a4fc32
- blacklist.conf: Blacklist a17a9d935dc4
- commit a76a169
- ext4: use matching invalidatepage in ext4_writepage
(bsc#1206858).
- commit aba337c
- blacklist.conf: Blacklist c96e2b8564ad
- commit 49f777f
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 1cd40a2
- blacklist.conf: Blacklist f629afe3369e
- commit 2a1b322
- blacklist.conf: Blacklist 64d4ce892383
- commit ab3ecba
- blacklist.conf: Blacklist 65db869c754e
- commit bd9d268
- blacklist.conf: Blacklist 8c380ab4b7b5
- commit 6d50017
- ext4: prohibit fstrim in norecovery mode (bsc#1207094).
- commit 968ac45
- blacklist.conf: Blacklist 6c7328400e04
- commit 192eee8
- blacklist.conf: Blacklist ddccb6dbe780
- commit b7b4229
- ext4: clear mmp sequence number when remounting read-only
(bsc#1207093).
- commit 7957fbf
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
- commit 9556f87
- blacklist.conf: Blacklist couple of commits
- commit d7f2f6c
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- commit fcfa387
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 9f135a3
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit d23f0d2
- module: set MODULE_STATE_GOING state when a module fails to load
(git-fixes).
- commit db5c7ff
- blacklist.conf: add f6d061d61712 ("/kernel/module: Fix memleak in
module_add_modinfo_attrs()"/)
- commit adb3140
- README.BRANCH: Remove Petr Tesařík from README.BRANCH
Petr is no longer with SUSE, and the address bounces.
- commit a114688
- blacklist.conf: ppc radix hugepage ioremap
Add commits related to this feature we don't have on 4.12
- commit 30daa9a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1065729).
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
(bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
(bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
(bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
(bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
a valid PE number (bsc#1065729).
- commit 1c66115
- powerpc/pseries/cmm: Implement release() function for sysfs
device (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace
(bsc#1065729).
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized
in this function (bsc#1065729).
- Refresh patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch
- commit 3acc489
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs
(bsc#1065729).
- powerpc/pseries/hvconsole: Fix stack overread via udbg
(bsc#1065729).
- powerpc/boot: Fix missing check of lseek() return value
(bsc#1065729).
- powerpc/traps: Fix the message printed when stack overflows
(bsc#1065729).
- powerpc/pseries: add of_node_put() in dlpar_detach_node()
(bsc#1065729).
- powerpc/pseries: Fix node leak in
update_lmb_associativity_index() (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in
opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page
faults (bsc#1065729).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR
KVM (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
(bsc#1065729).
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
(bsc#1065729).
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an
issue with large decrementer (bsc#1065729).
- powerpc/xive: Move a dereference below a NULL test
(bsc#1065729).
- powerpc/64s/hash: Fix stab_rr off by one initialization
(bsc#1065729).
- powerpc/iommu: Avoid derefence before pointer check
(bsc#1065729).
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch
compiler (bsc#1065729).
- Refresh patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch
- commit 5dcb3e2
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
check failure.
As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
in the exception list, replace them with a general pattern. And add OBJTOOL
as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
git-fixes).
- powerpc/xive: Add a check for memory allocation failure
(fate#322438 git-fixes).
- commit 3922d2a
- memcg, kmem: further deprecate kmem.limit_in_bytes
(bsc#1206896).
- commit 5804d85
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- commit 714ef7f
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- commit 9d794c2
- blacklist.conf: ("/arm64: mm: Prevent mismatched 52-bit VA support"/)
- commit f1a361c
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- commit 6cee162
- arm64: ftrace: don't adjust the LR value (git-fixes)
- commit eb42f1a
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- commit c7b004f
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- commit b2c772e
- arm64: makefile fix build of .i file in external module case (git-fixes)
- commit 195399e
- blacklist.conf: ("/arm64: percpu: Initialize ret in the default case"/)
- commit 4e64a56
- blacklist.conf: ("/arm64: lib: use C string functions with KASAN enabled"/)
- commit dd95ca4
- arm64: jump_label.h: use asm_volatile_goto macro instead of "/asm (git-fixes)
- commit eb342d8
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- commit 14aabd0
- arm64: alternative: Use true and false for boolean values (git-fixes)
- commit 301b65d
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- commit a25e150
- arm64: make secondary_start_kernel() notrace (git-fixes)
- commit 4106666
- blacklist.conf: ("/arm64: defconfig: Enable Rockchip io-domain driver"/)
- commit ad93c99
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- commit e15bbd4
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- commit 62841b2
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- commit e003877
- blacklist.conf: Add ppc fixes only applicable to 4.14
- commit 131a7b8
- blacklist.conf: Add reverted ppc commit
- commit a8b8b81
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- commit 5c8477f
- blacklist.conf: cosmetic fix
- commit 4cdceea
- blacklist.conf: cosmetic fix
- commit 0413215
- blacklist.conf: adds a WARN only
- commit f484812
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't
loaded (git-fixes).
- commit c42a78e
- blacklist.conf: changes API
- commit df9a032
- blacklist.conf: powerpc watchdog implemented in 4.13
- commit 7400877
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 3059da1
- powerpc/pseries/eeh: use correct API for error log size
(bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
(bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- Refresh patches.suse/powerpc-disable_fixed_phb_option.patch
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1065729).
- commit e9baafc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
(jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
(jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
(jsc#PED-568).
- commit 445debb
- blacklist.conf: fixes for bugs we don't have
git-fixes suggests patches from a later LTS which are fixes for patches
that we don't have. So blacklist them.
- commit 7eacd62
- Refresh patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch.
This has landed in mainline so update commit info
- commit 102542f
- Refresh
patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch.
gcc pointed out to me a porting error in this patch
- commit 00a42ee
- NFSv4.x: Fail client initialisation if state manager thread
can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
(git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(git-fixes).
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
(git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- NFS: Correct size calculation for create reply length
(git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
(git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
delegation recall (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
(git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
(git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
fails (git-fixes).
- sunrpc: fix crash when cache_head become valid before update
(git-fixes).
- fs: nfs: Fix possible null-pointer dereferences in
encode_attrs() (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFS: Fix initialisation of I/O result struct in
nfs_pgio_rpcsetup (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- svcrdma: Ignore source port when computing DRC hash (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path
(git-fixes).
- nfsd: allow fh_want_write to be called twice (git-fixes).
- sunrpc: don't mark uninitialised items as VALID (git-fixes).
- nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
- nfs: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors
(git-fixes).
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
(git-fixes).
- sunrpc: fix cache_head leak due to queued request (git-fixes).
- nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup
(git-fixes).
- lockd: fix decoding of TEST results (git-fixes).
- SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
- flexfiles: enforce per-mirror stateid only for v4 DSes
(git-fixes).
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
(git-fixes).
- SUNRPC: drop pointless static qualifier in
xdr_get_next_encode_buffer() (git-fixes).
- sunrpc: Fix connect metrics (git-fixes).
- SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
(git-fixes).
- NFSv4: Fix open create exclusive when the server reboots
(git-fixes).
- commit 25159f5
- powerpc/pseries: unregister VPA when hot unplugging a CPU
(bsc#1205695 ltc#200603).
- commit d06e561
- Fix kABI breakage in usb.h: struct usb_device:
hide new member (bsc#1206664 CVE-2022-4662).
- USB: core: Prevent nested device-reset calls (bsc#1206664
CVE-2022-4662).
- commit 3cb5d2f
- move new members of struct usbnet to end (git-fixes).
- commit 727de32
- CDC-NCM: remove "/connected"/ log message (git-fixes).
- commit 22cc214
- media: Don't let tvp5150_get_vbi() go out of vbi_ram_default
array (git-fixes).
- commit 09471ab
- media: i2c: tvp5150: remove useless variable assignment in
tvp5150_set_vbi() (git-fixes).
- commit 0f3eff0
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit d5fc0df
- Add Tegra repository to git_sort.
- commit a3bc12e
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6849123
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- commit b2fe9de
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bcc09f1
- rndis_host: increase sleep time in the query-response loop
(git-fixes).
- commit 7632b5d
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
switch (git-fixes).
- commit b040831
- net: kalmia: fix memory leaks (git-fixes).
- commit c76568f
- net/usb/kalmia: use ARRAY_SIZE for various array sizing
calculations (git-fixes).
- commit fefbe90
- net: kalmia: clean up bind error path (git-fixes).
- commit ba39d56
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- commit a8619f3
- net: usb: asix: init MAC address buffers (git-fixes).
- commit b22ad3e
- net: usb: asix: ax88772_bind return error when hw_reset fail
(git-fixes).
- Refresh
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch.
- commit 65076ad
- blacklist.conf: duplicate
- commit 5f7f532
- net: usb: rtl8150: demote allmulti message to dev_dbg()
(git-fixes).
- commit 117cf2b
- kABI: mitigate new ufs_stats field (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
(git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case
(git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(git-fixes).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
PT2PT topology (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: megaraid: Fix error check return value of
register_chrdev() (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
(git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
(git-fixes).
- scsi: libiscsi: Fix UAF in
iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
(git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
"/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
(git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sr: Return correct event when media event code is 3
(git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
- ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
(git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
list_for_each_entry() (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
shift of u8 (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
(git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(git-fixes).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
state (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(git-fixes).
- scsi: scsi_transport_srp: Don't block target in failfast state
(git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
(git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is
runtime ACTIVE (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
(git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
(git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
(git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
ufs_qcom_testbus_config() (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
(git-fixes).
- commit 8407432
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit ad34c09
- scsi: ufs: Clean up completed request without interrupt
notification (git-fixes).
- Refresh
patches.suse/scsi-ufs-properly-release-resources-if-a-task-is-aborted-successfully.
- commit 47def13
- scsi: ufs: Improve interrupt handling for shared interrupts
(git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
(git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
(git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
(git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
(git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
(git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
(git-fixes).
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: qedi: Fix termination timeouts in session logout
(git-fixes).
- scsi: qedi: Do not flush offload work if ARP not resolved
(git-fixes).
- scsi: iscsi: Report unbind session event when the target has
been removed (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset
(git-fixes).
- scsi: ipr: Fix softlockup when rescanning devices in petitboot
(git-fixes).
- scsi: Revert "/target: iscsi: Wait for all commands to finish
before freeing a session"/ (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
connections (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
(git-fixes).
- scsi: ufs: Complete pending requests in host reset and restore
path (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in
cxgbi_device_destroy() (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: target: iscsi: Wait for all commands to finish before
freeing a session (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: pm80xx: Fix for SATA device discovery (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
(git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
(git-fixes).
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status
(git-fixes).
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
(git-fixes).
- scsi: sni_53c710: fix compilation error (git-fixes).
- scsi: scsi_dh_alua: handle RTPG sense code correctly during
state transitions (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled
device (git-fixes).
- scsi: ufs: skip shutdown if hba is not powered (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset
(git-fixes).
- commit 01813b3
- scsi: scsi_dh_alua: always use a 2 second delay before retrying
RTPG (git-fixes).
- Refresh
patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch.
- commit 37a1f9a
- scsi: megaraid_sas: fix panic on loading firmware crashdump
(git-fixes).
- scsi: libcxgbi: add a check for NULL pointer in
cxgbi_check_route() (git-fixes).
- scsi: qedi: Abort ep termination if offload not scheduled
(git-fixes).
- scsi: ufs: Fix regulator load and icc-level configuration
(git-fixes).
- scsi: ufs: Avoid configuring regulator with undefined voltage
range (git-fixes).
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
(git-fixes).
- scsi: qla4xxx: fix a potential NULL pointer dereference
(git-fixes).
- scsi: iscsi: flush running unbind operations when removing a
session (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
(git-fixes).
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: 53c700: pass correct "/dev"/ to dma_alloc_attrs()
(git-fixes).
- scsi: ufs: Fix system suspend status (git-fixes).
- scsi: qla4xxx: check return code of
qla4xxx_copy_from_fwddb_param (git-fixes).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
free_irq during unload (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in
iscsi_eh_session_reset (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in
iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to
sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in
atapi_d2h_reg_frame_handler (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Don't call dsprintk() following reselection
interrupt (git-fixes).
- scsi: NCR5380: Don't clear busy flag when abort fails
(git-fixes).
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
(git-fixes).
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
(git-fixes).
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset
(git-fixes).
- scsi: pm80xx: Fixed system hang issue during kexec boot
(git-fixes).
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
- scsi: sd: don't crash the host on invalid commands (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL
terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe
(git-fixes).
- scsi: vmw_pvscsi: Return DID_RESET for status
SAM_STAT_COMMAND_TERMINATED (git-fixes).
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
(git-fixes).
- commit 629211b
- blacklist.conf: add git-fix commits to black list
- commit 77cd26b
- drm/amdkfd: Check for null pointer after calling kmemdup
(CVE-2022-3108 bsc#1206389 git-fixes).
- commit d5c766f
- Update
patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
(CVE-2022-3107 bsc#1206395 git-fixes).
- commit 060c52f
- blacklist.conf: Risky, requires reworking of mempolicies
- commit f553475
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit d2abfa4
- blacklist.conf: fixes for old ftrace bugs, too intrusive
- commit 16e8a4b
- blacklist.conf: afs fixes which is not compiled
- commit e4c8294
- tracing: Fix code comments in trace.c (git-fixes).
- commit ec2222c
- blacklist.conf: code style cleanup for kernel/module
- commit 4ec89b1
- blacklist.conf: cosmetic fix
- commit 69fb632
- Bluetooth: hci_qca: Fix the teardown problem for real
(git-fixes).
- commit d54a6b7
- memcg: Fix possible use-after-free in
memcg_write_event_control() (bsc#1206344).
- commit 2e65110
- blacklist.conf: removes an API
- commit e61353f
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- commit f421241
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
(git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/module: fix loading modules with a lot of relocations
(git-fixes).
- s390/qeth: fix deadlock during failing recovery (bsc#1206213
LTC#200742).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1206213
LTC#200742).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
(git-fixes).
- s390/cio: Fix the "/type"/ field in s390_cio_tpi tracepoint
(git-fixes).
- s390: appldata depends on PROC_SYSCTL (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static
build (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390/qeth: remove driver-wide workqueue (bsc#1206213
LTC#200742).
- s390/qeth: don't defer close_dev work during recovery
(bsc#1206213 LTC#200742).
- commit 1acccf5
- Delete and blacklist
patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch.
- commit 26d92fb
- blacklist.conf: add 6f390916c4fb KVM: s390: Ensure
kvm_arch_no_poll() is read once when blocking vCPU
- commit d8badd9
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 014ac33
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 4f96478
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- commit 0f3ab2f
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 707f425
- Delete
patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch
and add it to blacklist.conf instead, as the patch breaks shadow page
tables for KVM guests without any real other gain (bsc#1205234).
- commit afc147a
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
- Refresh
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
Fix up after merge from cve/4.12. The patch can be closer to upstream in
12sp5 as we have more than in the cve branch.
- commit c316a9f
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit 54d8403
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 0a9d163
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit 1430849
- cuse: prevent clone (bsc#1206120).
- fuse: don't check refcount after stealing page (bsc#1206119).
- fuse: retrieve: cap requested size to negotiated max_write
(bsc#1206118).
- fuse: use READ_ONCE on congestion_threshold and max_background
(bsc#1206117).
- commit 04cffe1
- blacklist.conf: added 4a6f278d4827 ("/fuse: add file_modified() to fallocate"/)
- commit 02645f1
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is "/"/
- commit 1051f51
- blacklist.conf: add hamradio
- commit 099ae10
- net: hns3: fix kernel crash when unload VF while it is being
reset (git-fixes).
- commit ae4bc46
- net: smsc911x: Fix unload crash when link is up (git-fixes).
- commit 5d0ae5f
- i40e: Fix kernel crash during module removal (git-fixes).
- commit 5410efd
- i40e: Fix reset path while removing the driver (git-fixes).
- commit a60eb44
- net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
- commit 9864107
- net: aquantia: Fix actual speed capabilities reporting
(git-fixes).
- Refresh
patches.suse/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch.
- commit 4b16854
- gianfar: Disable EEE autoneg by default (git-fixes).
- commit e3da720
- net: ethernet: arc: fix error handling in emac_rockchip_probe
(git-fixes).
- commit a60d1e6
- sfp: fix RX_LOS signal handling (git-fixes).
- commit e49032c
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(git-fixes).
- commit 1a4980e
- xen-netfront: remove warning when unloading module (git-fixes).
- commit 8066ddd
- macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
- commit fdbdae5
- macsec: check return value of skb_to_sgvec always (git-fixes).
- commit 958f55b
- blacklist.conf: Add 51bee5abeab2 cgroup/pids: turn cgroup_subsys->free()
into cgroup_subsys->release() to fix the accounting
- commit 5bcd4d4
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 6514e10
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 9837fc7
- blacklist.conf: Add 45e1ba40837a cgroup: disable controllers at parse
time
- commit ccb9bf4
- blacklist.conf: Add threaded cgroups related patches
The come from stable-4.14, thus not relevant for us.
(One more cgroup patch added that's unneeded too.)
- commit dbc5a4e
- docs/kernel-parameters: Update descriptions for "/mitigations="/
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- Refresh
patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit e452934
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit cf52a0b
- add missing bug reference to a hv_netvsc patch file (bsc#1204850).
- commit e38a906
- blacklist.conf: add 72791ac854fea3
- commit f0edb3e
- blacklist.conf: add 5c13a4a0291b3019
- commit 2149313
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit 4bead56
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 3e8dd4e
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit 392a5ef
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit df41542
- blacklist.conf: add e8240addd0a3919e
- commit 5c7763d
- blacklist.conf: add 0f4558ae91870692c
- commit 480f3db
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit b478418
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit d9798f7
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit 05697f5
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit d643b77
- xen/blkback: fix memory leaks (git-fixes).
- commit 0f8219d
- blacklist.conf: add bce5963bcb4f
- commit 898778b
- Revert "/xen/balloon: Mark unallocated host memory as UNUSABLE"/
(git-fixes).
- blacklist.conf: remove added patch
- Refresh
patches.suse/0001-Revert-xen-balloon-Fix-crash-when-ballooning-on-x86-.patch.
- commit e16cca1
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL
usage (git-fixes).
- Refresh
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch.
- commit 51c6261
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- rename patch file and move it to the sorted section.
- commit a55d114
- xen/balloon: fix balloon initialization for PVH Dom0
(git-fixes).
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack-take-two.patch.
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack.patch.
- commit 5ba6e04
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit b8c3c6e
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit bfe3d11
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 7a7fe44
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 0d3422a
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit 0c5b296
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit 99af98d
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc567fb
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit c08cb70
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit 0cbe5b2
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit c25f15f
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit c306d38
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit a0adbc7
- xen-blkback: prevent premature module unload (git-fixes).
- commit cf8ca9e
- x86/xen: Return from panic notifier (git-fixes).
- commit 79e25ba
- xen/efi: Set nonblocking callbacks (git-fixes).
- commit c90ddf2
- xen/pciback: remove set but not used variable 'old_state'
(git-fixes).
- commit 9bb95c7
- always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
- commit 0e5993e
- xen/pciback: Check dev_data before using it (git-fixes).
- commit 1cda86e
- kprobes/x86/xen: blacklist non-attachable xen interrupt
functions (git-fixes).
- commit c21b175
- net: xen-netback: fix return type of ndo_start_xmit function
(git-fixes).
- commit 7ad3ae2
- xen/scsiback: add error handling for xenbus_printf (git-fixes).
- commit 7517554
- xen: add error handling for xenbus_printf (git-fixes).
- commit e858168
- xen: xenbus: use put_device() instead of kfree() (git-fixes).
- commit fe0b840
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205908).
- ceph: fix fscache invalidation (bsc#1205907).
- ceph: fix potential race in ceph_check_caps (bsc#1205906).
- ceph: don't skip updating wanted caps when cap is stale
(bsc#1205905).
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
(bsc#1205904).
- ceph: check availability of mds cluster on mount after wait
timeout (bsc#1205903).
- ceph: return -EINVAL if given fsc mount option on kernel w/o
support (bsc#1205902).
- ceph: return -ERANGE if virtual xattr value didn't fit in buffer
(bsc#1205901).
- commit 24952fe
- mm, swap, frontswap: fix THP swap if frontswap enabled
(git-fixes).
- commit 61f5d01
- blacklist.conf: added xen/pvcalls related patches, as driver not in 4.12
- commit f9877af
- xen/grant-table: Use put_page instead of free_page (git-fixes).
- Refresh
patches.suse/xen-gnttab-fix-gnttab_end_foreign_access-without-pag.patch.
- Refresh
patches.suse/xen-grant-table-add-gnttab_try_end_foreign_access.patch.
- commit 5a79925
- xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
- commit e0b8207
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/gntdev: Fix off-by-one error when unmapping with holes
(git-fixes).
- commit 309e553
- xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
- commit c11ca0a
- Refresh
patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch.
- Refresh
patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch.
Update upstream status and move to sorted section.
- commit f034897
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit 3d8bb62
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 1a498e7
- usb: dwc3: gadget: only unmap requests from DMA if mapped
(git-fixes).
- Refresh
patches.suse/0001-usb-dwc3-gadget-Clear-req-needs_extra_trb-flag-on-cl.patch.
- Refresh
patches.suse/usb-dwc3-gadget-never-call-complete-from-ep_queue.patch.
- commit 5538962
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
- commit 8363ff1
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit dd1508b
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit bc92371
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 20328af
- blacklist.conf: Do not backport an intrusive KVM/S390 fix.
- commit dc91df6
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- KVM: s390: fix memory slot handling for
KVM_SET_USER_MEMORY_REGION (git-fixes).
- commit 91dd7c2
- scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
- commit e5f5f10
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit 2d196d4
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit 502b5e0
- blacklist.conf: not enabled
- commit 62afe05
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit e6e2ec1
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit ed9d761
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- Documentation: dm writecache: Render status list as list
(git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- PM: hibernate: fix sparse warnings (git-fixes).
- dm mpath: remove harmful bio-based optimization (git-fixes).
- blk-mq: add callback of .cleanup_rq (git-fixes).
- commit a1e0c0c
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit b1b4277
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit dc177c9
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 86c9eae
- media: mceusb: do not read data parameters unless required
(git-fixes).
- commit a5b2d37
- [media] mceusb: TX -EPIPE (urb status = -32) lockup fix
(git-fixes).
- commit 4fa96ff
- [media] mceusb: RX -EPIPE (urb status = -32) lockup failure fix
(git-fixes).
- commit 4ed839f
- [media] mceusb: fix inaccurate debug buffer dumps, and
misleading debug messages (git-fixes).
- Refresh
patches.suse/media-mceusb-fix-memory-leaks-in-error-path.patch.
- commit dec0bf7
- [media] mceusb: sporadic RX truncation corruption fix
(git-fixes).
- commit e1eba54
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 90f5154
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit 9d86fe0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit c275921
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 92ed14c
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 18f5fc2
- ipv6: use indirect call wrappers for {tcp, udpv6}_{recv,
send}msg() (bsc#1204414 CVE-2022-3567).
- commit ed98ad2
- ipv6: provide and use ipv6 specific version for {recv, send}msg
(bsc#1204414 CVE-2022-3567).
- commit f8fc818
- inet: factor out inet_send_prepare() (bsc#1204414
CVE-2022-3567).
- commit 2f26c25
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1065729).
- commit 4db02b2
- blacklist.conf: Add fixes for unsupported platforms
- commit 05248b6
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit 9676102
- blacklist.conf: Add bd31ecf44b8e KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
- commit ec74f0b
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (git-fixes).
- commit c7f58f1
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- Refresh patches.suse/do-not-default-to-ibrs-on-skl.patch.
- commit ca7c19a
- media: ite-cir: IR receiver stop working after receive overflow
(git-fixes).
- commit 0a8d27b
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(git-fixes).
- commit 069a7c2
- Update metadata references
- commit 61da8f0
- blacklist.conf: build fix
- commit 42d485b
- media: mceusb: sanity check for prescaler value (git-fixes).
- commit ba3bebc
- blacklist.conf: duplicate
- commit d529ebe
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return
- EAGAIN for nowait (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- bfq: Update cgroup information before merging bio (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: don't delete queue kobject before its children
(git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- nbd: don't update block size after device is started
(git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq
(git-fixes).
- block: respect queue limit of max discard segment (git-fixes).
- null_blk: Fix the null_add_dev() error path (git-fixes).
- brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
- block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
- commit a6dd16c
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
- commit 8b26e24
- blacklist.conf: add 2 pervasive git-fixes
- commit 0bf3c41
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 52db277
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 2ee27a4
- hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
- x86/hyperv: Set pv_info.name to "/Hyper-V"/ (git-fixes).
- hv_netvsc: Sync offloading features to VF NIC (git-fixes).
- commit 4a8a7a9
- net: ethernet: ti: ale: fix seeing unreg mcast packets with
promisc and allmulti disabled (git-fixes).
- commit 940ee30
- net/mlx5: E-Switch, Hold mutex when querying drop counter in
legacy mode (git-fixes).
- commit 2e07a05
- bnxt_en: Free context memory after disabling PCI in probe
error path (git-fixes).
- commit 720cc36
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
(git-fixes).
- commit 9d7339e
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- commit 20e8907
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
Refresh patches.suse/0018-KVM-arm64-Add-templates-for-BHB-mitigation-sequences.patch
Refresh patches.suse/0008-kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
- commit 043a003
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
(git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation
(git-fixes).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
- s390/qeth: vnicc Fix init to default (git-fixes).
- s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
- s390/qeth: fix false reporting of VNIC CHAR config failure
(git-fixes).
- s390/qeth: Fix initialization of vnicc cmd masks during set
online (git-fixes).
- s390/qeth: Fix error handling during VNICC initialization
(git-fixes).
- commit 6e472df
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
(git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
(git-fixes).
- vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
- commit 76839b9
- Refresh
patches.suse/Fix-releasing-of-old-bundles-in-xfrm_bundle_lookup-b.patch.
- commit 374b5d5
- blacklist.conf: cleanup intended to break kABI
- commit c84e993
- usb: chipidea: udc: check request status before setting device
address (git-fixes).
- commit cb47b3a
- usb: musb: Fix suspend with devices connected for a64
(git-fixes).
- commit f48dc12
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
- commit b1650a6
- net: hns3: disable sriov before unload hclge layer (git-fixes).
- commit d345db6
- net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
- commit 48b09a8
- net: hns3: reset DWRR of unused tc to zero (git-fixes).
- commit 8875465
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- commit 0db1cd8
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- commit aefa3aa
- can: rcar_can: fix suspend/resume (git-fixes).
- commit 132b32d
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- commit a0a50ea
- i40e: fix endless loop under rtnl (git-fixes).
- commit 0544181
- phy: mdio: fix memory leak (git-fixes).
- commit a953b17
- Revert "/net: mdiobus: Fix memory leak in __mdiobus_register"/ (git-fixes).
- commit 8056426
- net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
- commit 97ee07d
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- commit 4f15909
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- commit cc79b14
- net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
- commit 09955f8
- net: hns3: check vlan id before using it (git-fixes).
- commit bfc3c2e
- net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
- commit c549aee
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 5162019
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 4db2648
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- commit d145d85
- ptp: dp83640: don't define PAGE0 (git-fixes).
- commit ba826c9
- natsemi: sonic: stop calling netdev_boot_setup_check
(git-fixes).
- commit 3ddf5c6
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- commit 590981e
- blacklist.conf: update blacklist
- commit e42313e
- blacklist.conf: update blacklist for git-fixes commits
- commit 3de45db
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit aefe870
- bnxt_en: Clean up completion ring page arrays completely
(git-fixes).
- commit 39641b0
- bnxt_en: Don't use static arrays for completion ring pages
(git-fixes).
- commit 7ae4ad6
- bnxt_en: Increase maximum RX ring size if jumbo ring is not used
(git-fixes).
- commit 8ab9e71
- net: natsemi: Fix missing pci_disable_device() in probe and
remove (git-fixes).
- commit b1e1228
- sis900: Fix missing pci_disable_device() in probe and remove
(git-fixes).
- commit 9b32829
- tulip: windbond-840: Fix missing pci_disable_device() in probe
and remove (git-fixes).
- commit 1916370
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- commit 91f7e82
- net/mlx5: Fix flow table chaining (git-fixes).
- commit 50c9e7c
- NIU: fix incorrect error return, missed in previous revert
(git-fixes).
- commit 697aa31
- ixgbe: Fix packet corruption due to missing DMA sync
(git-fixes).
- commit 523784f
- net: ti: fix UAF in tlan_remove_one (git-fixes).
- commit 0aebd34
- net: qcom/emac: fix UAF in emac_remove (git-fixes).
- commit 5b6315c
- net: moxa: fix UAF in moxart_mac_probe (git-fixes).
- commit cf3a72b
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
(git-fixes).
- commit 9d4ba6f
- igb: Fix position of assignment to *ring (git-fixes).
- commit 3c1202a
- igc: change default return of igc_read_phy_reg() (git-fixes).
- commit df2e2f4
- igc: Fix use-after-free error during reset (git-fixes).
- commit 251ef5a
- virtio_net: move tx vq operation under tx queue lock
(git-fixes).
- commit 90eec50
- vxlan: add missing rcu_read_lock() in neigh_reduce()
(git-fixes).
- commit 156a458
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- commit 8b83e49
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (git-fixes).
- commit 2da1970
- ice: Increase control queue timeout (git-fixes).
- commit 5d9b03d
- blacklist.conf: update blacklist
- commit e370582
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729).
- commit 3b44e8a
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
This new form was added in commit b8c86872d1dc (riscv: fix detection of
toolchain Zicbom support).
- commit e9f2ba6
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- commit cdf529c
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit 7c13cdf
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit da95687
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 10722c0
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 924938c
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: define get_cycles macro for arch-override (git-fixes).
- commit f757324
- blacklist.conf: s390: No need to fix VSIE.
- commit 0194543
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
flag (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
guests (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
- commit 63379a7
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 28012b2
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit 284cbb1
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit fa89806
- blacklist.conf: livepatch: 32-bit only
- commit 4273e1d
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit 2506784
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit 6135eb4
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit b8d4061
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 9169c2c
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit da87a2f
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 56e3837
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit f6b96f7
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 3e65661
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit d91da96
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit a0bbb4b
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit 2dbafe6
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit fda3a5b
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 2778e59
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 3e162e8
- i40e: improve locking of mac_filter_hash (git-fixes).
- commit 143807c
- net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes).
- commit a0ef80c
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- commit 3f4f3ee
- ppp: Fix generating ppp unit id when ifname is not specified
(git-fixes).
- commit 8e47822
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
(git-fixes).
- commit 8d0bcb7
- net: dsa: mt7530: add the missing RxUnicast MIB counter
(git-fixes).
- commit 57a9699
- net: vxge: fix use-after-free in vxge_device_unregister
(git-fixes).
- commit 1d9b679
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit 13c92ff
- net: mvpp2: Put fwnode in error case during ->probe()
(git-fixes).
- commit ec00850
- net/mlx5e: Remove dependency in IPsec initialization flows
(git-fixes).
- commit e587509
- net/mlx4: Fix EEPROM dump support (git-fixes).
- commit ebb3264
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- commit 24bcdc7
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
(git-fixes).
- commit 021da5e
- bnxt_en: Fix RX consumer index logic in the error path
(git-fixes).
- commit f39a791
- net: lapbether: Prevent racing when checking whether the netif
is running (git-fixes).
- commit 4bee41d
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit e0d8a19
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (git-fixes).
- commit cc02dbe
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 8a11cdd
- r8169: fix jumbo packet handling on RTL8168e (git-fixes).
- commit 5965441
- i40e: Fix overwriting flow control settings during driver
loading (git-fixes).
- commit a33b4c7
- i40e: Fix flow for IPv6 next header (extension header)
(git-fixes).
- commit b64f750
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- commit b2e387c
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (git-fixes).
- commit 366a419
- USB: serial: ch341: fix lost character on LCR updates
(git-fixes).
- commit 50da091
- net: amd-xgbe: Reset link when the link never comes back
(git-fixes).
- commit b7ab28e
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (git-fixes).
- commit 183da9c
- bnxt_en: reverse order of TX disable and carrier off
(git-fixes).
- commit d1661a3
- blacklist.conf: update blacklist
- commit 379051a
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 9910802
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- commit a1cf7e6
- Input: gscps2 - check return value of ioremap() in
gscps2_probe() (git-fixes).
- commit 2ec370b
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 0ac14cd
- memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755).
- commit 3f2ce02
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 8a8ede5
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit 2edb1f4
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 0ea44f9
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit be1109d
- USB: serial: ch341: fix lockup of devices with limited prescaler
(git-fixes).
- Refresh
patches.suse/Revert-USB-serial-ch341-add-new-Product-ID-for-CH341.patch.
- Refresh
patches.suse/USB-serial-ch341-sort-device-id-entries.patch.
- commit 4dd7140
- USB: serial: ch341: fix receiver regression (git-fixes).
- commit c932590
- USB: serial: ch341: reimplement line-speed handling (git-fixes).
- commit b324632
- USB: serial: ch341: add basis for quirk detection (git-fixes).
- commit 113d16b
- blacklist.conf: duplicate of b4a64ed6e7b857317070fcb9d87ff5d4a73be3e8
- commit ff064ba
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit ee0dc75
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit ece443c
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- commit d234200
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit cf0c998
- mm, page_alloc: avoid expensive reclaim when compaction may
not succeed (bsc#1204250).
- commit 16163cf
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit d20af40
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 5b67fc6
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit d14e803
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit 92746cd
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ffa0698
- Update metadata references
- commit 090bf0c
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit baac8bc
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit a6ab2c6
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- commit f308a7a
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(git-fixes).
- commit 1416c1e
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- Refresh patches.suse/USB-serial-option-add-Quectel-RM520N.patch.
- commit 891a8cf
- USB: serial: option: add support for OPPO R11 diag port
(git-fixes).
- commit a94c0a4
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- commit b4e5f08
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 0f4a423
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 07bccdc
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit ef2b928
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit a313609
- x86/xen: Remove undefined behavior in setup_features()
(git-fixes).
- commit baac9c4
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8a3b61b
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
(bsc#1200788 CVE-2022-2153).
- commit 661c2ce
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 3a9cc04
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit c6701d7
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 0d160b3
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit b4f4125
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit 95457fb
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203142 LTC#199883).
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (bsc#1203198 LTC#199898).
- commit 8606330
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1203514 CVE-2022-40768).
- commit 73e670f
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 6bd6b60
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 729cf0b
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 95fbcd2
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit 61ed64b
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 469e1ea
- blacklist.conf: ignore unwanted nfs/md patches
- commit 968a253
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
to old Intel systems (bnc#1203802).
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
(bnc#1203802).
- commit 51d1632
- nvme: restrict management ioctls to admin (bsc#1203290
CVE-2022-3169).
- commit 9735897
- s390: fix double free of GS and RI CBs on fork() failure
(bsc#1203254 LTC#199911).
- s390/guarded storage: simplify task exit handling (bsc#1203254
LTC#199911).
- commit 33e512e
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit dd58489
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit e991b90
- Revert "/sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)"/
This reverts commit 8d1c33d1ed3d4b198344cf4cf8763447532f6b90
since it breaks the build
- commit 253e49e
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 0516b01
- Revert "/constraints: increase disk space for all architectures"/
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(bsc#1203322 CVE-2022-40307).
- commit 8166d5e
- Add CVE reference on lightnvm removal patch
modified:
- patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 0412b0e
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit b440061
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit d6070f7
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e024e1e
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 88f61a5
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- commit 0429966
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 1828312
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- commit 960c031
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 8e21ba7
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- commit 24dad4e
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- commit 3b41e99
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
Backporting notes:
* context changes
- commit f023a62
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1154048)
- commit 6c2117a
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
Backporting notes:
* context changes
* config update
- commit 8d1c33d
- Revert "/video: imsttfb: fix potential NULL pointer dereferences"/ (bsc#1129770)
- commit 015493e
- Revert "/video: hgafb: fix potential NULL pointer dereference"/ (bsc#1129770)
Backporting notes:
* test return value of ioremap() and return an error
- commit dfae32b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
(CVE-2022-41848 bsc#1203987).
- commit 4b5f9dc
- Input: melfas_mip4 - fix return value check in mip4_probe()
(git-fixes).
- commit 327938f
- xhci: bail out early if driver can't accress host in resume
(git-fixes).
- commit 7b6647e
- blacklist.conf: no gadget mode in SLE12
- commit 4ef9a32
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 0686374
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit 6704bc6
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 0c59466
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 80ea4bf
- scsi: qla2xxx: Remove unused declarations for qla2xxx
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 6a1070c
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1203935).
- commit c812e29
- blacklist.conf: Add 1bf4580e00a2 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- commit 2a37e27
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- commit d956a8c
- Input: iforce - constify usb_device_id and fix space before
'[' error (git-fixes).
- commit bfb50de
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path
(git-fixes).
- commit b282bf7
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- commit f6eaf2e
- USB: serial: option: add Quectel RM500K module support.
- commit 981a205
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- commit 3376669
- USB: serial: option: add Telit LE910Cx 0x1250 composition
(git-fixes).
- commit f8d705a
- blacklist.conf: irrelevant in our configurations
- commit c5487ee
- USB: serial: option: add support for Cinterion MV31 with new
baseline (git-fixes).
- commit ce91afd
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
(git-fixes).
- commit 2a4a3b7
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 510678c
- xfs: enable big timestamps (bsc#1203387).
- commit f5ecebd
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(git-fixes).
- commit 4e282b8
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (git-fixes).
- commit 85d64e6
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(git-fixes).
- commit 63072dd
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(git-fixes).
- commit 93c7c8f
- blacklist.conf: irrelevant in our configurations
- commit 1ea4ae1
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit fc09d0c
- blacklist.conf: blacklist commit 02c0cab8e734
- commit 07b2c53
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 21400d8
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
bsc#1203769).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit accf4df
- md: call __md_stop_writes in md_stop (git-fixes).
- Revert "/md-raid: destroy the bitmap after destroying the thread"/
(git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- commit ab754e2
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit a86f7ba
- scripts/CKC: don't output from shopt
shopt outputs the status of the flag, so that git grep looks like:
git grep -qi 'nocasematch off
^References:.*bsc#1202195' remotes/origin/SLE15-SP2-RT -- 'patches.*'
I don't know how it can work (it does -- maybe thanks to ^), but it's
not definitely OK.
So make shopt in term2regex() quiet.
- commit 9ca71fb
- scripts/CKC: store local branches with $USER prefix
So that on shared machines, it can be overwritten when expires.
- commit 1dae151
- scripts/CKC: speed up the git-grep
Search only in patches.*. I.e. skip especially all those large kabi
files.
The speedup is significant:
real 1m28,309s
to:
real 0m57,260s
- commit 2ea817a
- scripts/CKC: simplify print_branch
AFAIU, it's simply:
printf "/%-23s"/
- commit ec10bb9
- scripts/CKC: test accepts only =, not ==
And put $1 into "/"/ too.
- commit acae7f9
- scripts/CKC: Don't use empty branches file
Don't use it and don't write neither.
- commit 311b204
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit a71ecee
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit de56df3
- xfs: preserve default grace interval during quotacheck
(bsc#1203387).
- commit 32fdbbb
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 231362a
- blacklist.conf: add several SCSI commits to black list
- commit 82ee683
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit b210a45
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit ea13b52
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit 31e0e71
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit 852ad51
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit 0ca10b2
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit fdfb081
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 480b158
- media: em28xx: initialize refcount before kref_get
(CVE-2022-3239 bsc#1203552).
- commit 477c587
- xfs: account finobt blocks properly in perag reservation
(bsc#1203387).
- commit 2390201
- powerpc: Use device_type helpers to access the node type
(bsc#1203424 ltc#199544).
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-update-code.patch.
- commit b1e0425
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 5d51965
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- Refresh for the above patch added in,
blacklist.conf: remove the above patch from blaclist.conf
patches.suse/0034-dm-verity-add-check_at_most_once-option-to-only-vali.patch.
- commit 1b3d265
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit b644c0f
- Update references:
- patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
- patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
- patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
- patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
- patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
- patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
- patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
(add CVE-2022-32296 bsc#1200288)
- commit 97c264a
- x86/bugs: Reenable retbleed=off
While for older kernels the return thunks are statically built in and
cannot be dynamically patched out, retbleed=off should still be possible
to do so that the mitigation can still be disabled on Intel who don't
use the return thunks but IBRS.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit e330fc7
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
(bsc#1203462).
- commit b3b2090
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit 39653db
- Update
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
(bsc#1124235), adding back Refernces lost in previous update.
- commit 47c6490
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
(git-fixes).
- Refresh patches.suse/scsi-libfc-handling-of-extra-kref.
- commit 27f7754
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit 1fdd74c
- git_sort: Cleanup series_insert test setup and add test for patch with
missing headers
- commit 05c630d
- scsi: ch: Make it possible to open a ch device multiple times
again (git-fixes).
- Refresh
patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch.
- Replace/Refresh
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
("/scsi: ch: fixup refcounting imbalance for SCSI devices"/)
with actual upstream version of this commit, which makes it apply
correctly (it was just a "/submitted"/ version)
- commit cb2ed7c
- scripts/python/suse_git/header.py: Catch the use of "/Not yet, submitted"/
Also add a test case for it.
For submitted patches, you should use "/Patch-mainline: Submitted"/
rather than "/Not yet, submitted"/. Enforce this in check-patchhdr so
that such mistakes are caught earlier.
- commit 475b64b
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (git-fixes).
- commit 6d3bb9f
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 85ce439
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit a67ea91
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit ed06fa8
- scsi: lpfc: Check the return value of alloc_workqueue()
(git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
(git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- Revert "/scsi: sd: Keep disk read-only when re-reading partition"/
(git-fixes).
- scsi: core: Avoid that a kernel warning appears during system
resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning
(git-fixes).
- commit 2cdb167
- scripts/CKC: Search also CVE and generic references
Sometimes it's useful to check that references exits, not the commit
itself.
- commit c34e0ed
- scripts/CKC: Make checker more specific
- commit 5cdb9a3
- scripts/CKC: Make checker script download branches.conf
Requires curl, downloads and caches the branches.conf file.
- commit e7c8885
- cifs: clean up an inconsistent indenting (bsc#1190317).
- commit 84e7187
- scripts/CKC: Modify check-kernel-commit to parse branches.conf
Thus we can use the same source of truth.
- commit 0c2b4b3
- git_sort: Check if Patch-mainline tag exists
If Patch-mainline and Git-commit tags are missing in the patch, sort script
will fail with:
IndexError: list index out of range
This change ensures that Patch-mainline tag is present and if not, raise
an error to warn the user.
- commit 10d17a7
- scripts: Add helper script to search commit presence in kernel-source
The helper can have various uses. Checking for CVE patches is on of the
existing use cases.
This version of the script relies on file with branches to check.
It will be modified to be interoperable with branches.conf.
- commit 809939e
- Update
patches.suse/mm-rmap.c-don-t-reuse-anon_vma-if-we-just-want-a-copy.patch
(git-fixes, bsc#1203098).
- commit 3881fc3
- x86: link vdso and boot with -z noexecstack
- -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
(bsc#1203200).
- commit 7e1d602
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188, bsc#1203107).
- commit 7df6276
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
bsc#1202097).
- commit 7253cd6
- git_sort: update netfilter repositories
The official URL of netfilter repositories (nf and nf-next) was changed by
mainline commit 1f6339e034d5 ("/MAINTAINERS: netfilter: update git links"/)
and the old repositories (with "/pablo"/) have not been updated since
May 2022.
- commit 33c6a43
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- commit 8addcab
- MyBS: Fix upload to OBS.
When a cookie is received and SSH authentication is not used osc_wrapper
crashes with message:
Can't use an undefined value as a symbol reference at MyBS.pm line 290.
Fix this by not trying to save cookies for plain authentication.
- commit fc4c81a
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"/find -xtype l"/ will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972)
- commit da5fa15
- cifs: move from strlcpy with unused retval to strscpy
(bsc#1190317).
- commit bb4c21d
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1190317).
- commit f2b9741
- cifs: remove unused server parameter from calc_smb_size()
(bsc#1190317).
- commit c52dabc
- cifs: Do not use tcon->cfid directly, use the cfid we get from
open_cached_dir (bsc#1190317).
- commit ed7d7cd
- cifs: fix lock length calculation (bsc#1190317).
- commit 704a256
- cifs: alloc_mid function should be marked as static
(bsc#1190317).
- commit 1cd087c
- cifs: remove "/cifs_"/ prefix from init/destroy mids functions
(bsc#1190317).
- commit 7d1a646
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- commit 39cdb6e
- cifs: remove remaining build warnings (bsc#1190317).
- commit bb9d34f
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- commit 36dc5c1
- cifs: remove minor build warning (bsc#1190317).
- commit 99f07da
- cifs: remove some camelCase and also some static build warnings
(bsc#1190317).
- commit 12a6e0e
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- commit 042656d
- cifs: remove redundant initialization to variable
mnt_sign_enabled (bsc#1190317).
- commit 5f2fe58
- smb3: check xattr value length earlier (bsc#1190317).
- commit 420acb4
- linux.keyring: Downgrade to older format.
Compatibility with SLE12 SP5.
- commit cd7de7f
- mkspec: eliminate @NOSOURCE@ macro
This should be alsways used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- commit cc50c41
- cifs: return errors during session setup during reconnects
(bsc#1190317).
- commit f26e757
- cifs: fix uninitialized pointer in error case in
dfs_cache_get_tgt_share (bsc#1190317).
- commit 2cd67ba
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- commit 6ad2a16
- cifs: version operations for smb20 unneeded when legacy support
disabled (bsc#1190317).
- commit c14744a
- cifs: when extending a file with falloc we should make files
not-sparse (bsc#1190317).
- commit 722a067
- smb3: check for null tcon (bsc#1190317).
- commit 19827ce
- cifs: return the more nuanced writeback error on close()
(bsc#1190317).
- commit 21102b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
(bsc#1190317).
- commit 55e93f1
- smb3: don't set rc when used and unneeded in query_info_compound
(bsc#1190317).
- commit b7a8710
- cifs: smbd: fix typo in comment (bsc#1190317).
- commit 0fd8d36
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1190317).
- commit 18a7023
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- commit cebd44b
- cifs: move definition of cifs_fattr earlier in cifsglob.h
(bsc#1190317).
- commit de5bdb2
- tar-up.sh: Include kernel signature in OBS upload.
It is not clear that OBS can handle uncompressed tar signatures but it
can still be verified manually.
- commit cb24650
- scripts: Verify tarball signature before use.
While there are Linux tarballs provided in standard location on many
machines it is not clear where these mirrors are mounted from, how
secure was the mirroring proccess, and the storage itself.
For local testing it is faster to use git but for OBS builds we want
the upstream tarballs to get bit-identical tarball files, and then we
also want the verification to ensure integrity of the mirror.
xz compressions is not completely deterministic, and while the tarball
content should be the same the bit representation varies. When
uploadiong to OBS it is desirable to use bit-identical files to prevent
OBS storing multiple big files with the same content inside but not
apparently identical.
- commit a075c40
- module: change to print useful messages from
elf_validity_check() (git-fixes).
- commit aa3765e
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit 99976e2
- module: harden ELF info handling (git-fixes).
- Refresh
patches.suse/0001-module-warn-if-module-init-probe-takes-long.patch.
- Delete
patches.suse/0005-modsign-print-module-name-along-with-error-message.patch
(info->mod->name is no longer available in module_sig_check() due to
the backported patch).
- commit 6bb95a5
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1190317).
- commit ef2c03a
- SMB3: EBADF/EIO errors in rename/open caused by race condition
in smb2_compound_op (bsc#1190317).
- commit 1850f8f
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- commit a9f06fa
- cifs: fix NULL ptr dereference in refresh_mounts()
(bsc#1190317).
- commit 67eb87c
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- commit 60e64c6
- cifs: verify that tcon is valid before dereference in
cifs_kill_sb (bsc#1190317).
- commit 2548aaa
- cifs: potential buffer overflow in handling symlinks
(bsc#1190317).
- commit 4a3401c
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- commit a7766a9
- cifs: release cached dentries only if mount is complete
(bsc#1190317).
- commit 0e4cc46
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- commit 396d99d
- cifs: remove check of list iterator against head past the loop
body (bsc#1190317).
- commit 53771a6
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(bsc#1190317).
- commit 4dc7010
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
(bsc#1190317).
- commit d9eafa4
- cifs: change smb2_query_info_compound to use a cached fid,
if available (bsc#1190317).
- commit 8153d9b
- cifs: convert the path to utf16 in smb2_query_info_compound
(bsc#1190317).
- commit feab50e
- cifs: we do not need a spinlock around the tree access during
umount (bsc#1190317).
- commit 3cf620b
- cifs: fix handlecache and multiuser (bsc#1190317).
- commit 61380d0
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1190317).
- commit 33643f3
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1190317).
- commit 96ae468
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1190317).
- commit dd406c0
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- commit 063a3b9
- cifs: mark sessions for reconnection in helper function
(bsc#1190317).
- commit 145a355
- Fix a warning about a malformed kernel doc comment in cifs
(bsc#1190317).
- commit 5777710
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
path is empty (bsc#1190317).
- commit 11e7725
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- commit 2dd27f0
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- commit ec6873e
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
(bsc#1190317).
- commit c2c268e
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- commit f5d8a69
- cifs: fix ntlmssp auth when there is no key exchange
(bsc#1190317).
- commit 0965ebd
- MyBS: Avoid lock recursion in certificate check
SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
CA certificate as the SSL trust root.
Check that the error is caused by bad certificate, and don't handle
other errors so that users can see authentication errors correctly.
Also unlock the cookie storage in case the problem is resolved with
using the built-in certificate.
- commit 21d6a61
- MyBS: Save hoarded cookies to disk
The performance of the OBS SSH authentication system is very bad, and
can be overwhelmed by about 1 authentication/s.
With osc saving cookies to disk this is not seen as problem.
Saving cookies to disk in MyBS should work around the authentication
system performance problem until it's resolved.
The design ensures that processes competing for authentication use the
same cookie once one become available rether than authenticating
independently, overwhelming the authentication service.
- Reading cookie file is lockless, file update atomic with mv
- Requesting auth & writing out obtained cookie is locked
- To be able to break stale lock the lockfile is empty, cookie is saved
to a separate tmeporary file
Cookie file contains the whole Set-Cookie header content. It would be
possible to add support for multiple cookies but OBS only ever sets one
cookie so multiple cookies are not supported.
- commit 37ed7ba
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- Add dtb-starfive
- commit 85335b1
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit a90bbcf
- scripts/wd-functions.sh: fix get_branch_name() in worktree
Instead of using a hard-coded path for the git directory, use git
rev-parse with --git-dir flag, introduced since 0.99.7, to find the git
directory so branch name can be correctly detected while in git
worktrees.
- commit 283838a
- Add dtb-microchip
- commit c797107
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the danglink link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- commit 52a1ad7
- krb5
-
- Update logrotate script, call systemd to reload the services
instead of init-scripts; (bsc#1206152);
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bsc#1205126);
- Added patches:
* 0126-Fix-integer-overflows-in-PAC-parsing.patch
- libX11
-
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
* fixes regression introduced with security update for
CVE-2022-3555 (bsc#1204425, bsc#1208881)
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
* security update for CVE-2022-3555 (bsc#1204425)
- libXpm
-
- U_regression2-bug1207029_1207030_1207031.patch
* second regression fix: Use gzip -d instead of gunzip
- U_regression-bug1207029_1207030_1207031.patch
* regression fix for above patches
- U_0000-Update-README-for-gitlab-migration.patch
* needed by U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
* needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
* libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
* libXpm: Runaway loop on width of 0 and enormous height
(CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
* libXpm: compression commands depend on $PATH (CVE-2022-4883,
bsc#1207031)
- libdb-4_8
-
- Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
* Backport the upsteam commits:
- Fixed several possible crashes when running db_verify
on a corrupted database. [#27864]
- Fixed several possible hangs when running db_verify
on a corrupted database. [#27864]
- Added a warning message when attempting to verify a queue
database which has many extent files. Verification will take
a long time if there are many extent files. [#27864]
* Add libdb-4_8-CVE-2019-2708.patch
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
- liblogging
-
- Use %license instead of %doc [bsc#1082318]
- fix SLE 12 build
- Use python3 version of rst2man when available
- Run spec-cleaner
- liblogging 1.0.6:
* fix small memory leaks in libstdlog
* enhancement: sigsafe_printf now recognizes the "/j"/ length
modifier
* fix: build_file_line and build_syslog_frame call the
__stdlog_print_* functions incorrectly
* Implement a STDLOG_PID option
* bugfix: potentialSEGV in the stdlog_sigsafe_string formatter
if NULL pointer was passed in
* bugfix: stdlog_sigsafe_printf mis-handles an int or unsigned
int
* build system: auto-detect presence of journal libraries
- When building with systemd-journal support, only buildrequire
pkgconfig(libsystemd-journal) on openSUSE 13.1. On newer
versions, buildrequrie pkgconfig(libsystemd). The sublibaries have
been merged in version 209 (13.2 shipped systemd 210).
- make the suse_version portable
- fix broken conditional with sles_version macro
- Remove redundant ldconfig requires
- liblogging 1.0.5:
+ cleanup for systemd-journal >= 209
+ bugfix: date stamp was incorrectly formatted
- libtasn1
-
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
- libtirpc
-
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
connections (bsc#1201680)
- backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libvirt
-
- cpu_map: Drop pconfig from Icelake-Server CPU model
dbc04114-cpu_x86-Require-cpuid-within-feature-in-CPU-map.patch,
3673269e-cpu_x86-Introduce-virCPUx86DataItem-container-struct.patch,
c02d70d5-cpu_x86-Rename-virCPUx86Vendor.cpuid.patch,
6c22b329-cpu_x86-Rename-virCPUx86DataItem-variables.patch,
5655b831-cpu_x86-Rename-x86DataCpuidNext-function.patch,
609f467f-cpu_x86-Rename-x86DataCpuid.patch,
95accfa7-cpu_x86-Rename-virCPUx86CPUIDSorter.patch,
ce420425-cpu_x86-Rename-virCPUx86DataAddCPUIDInt.patch,
8f1a8ce3-cpu_x86-Rename-virCPUx86DataAddCPUID.patch,
3eff71a2-cpu_x86-Rename-virCPUx86VendorToCPUID.patch,
0fdc0ad8-cpu_x86-Simplify-x86DataAdd.patch,
559ccd78-cpu_x86-Introduce-virCPUx86DataCmp.patch,
9c6f00fc-cpu_x86-Make-x86cpuidSetBits-more-general.patch,
4e3cab2d-cpu_x86-Make-x86cpuidClearBits-more-general.patch,
da1efddf-cpu_x86-Make-x86cpuidAndBits-more-general.patch,
2eea67a9-cpu_x86-Make-x86cpuidMatchMasked-more-general.patch,
10b80165-cpu_x86-Make-x86cpuidMatch-more-general.patch,
370177e2-cpu_x86-Store-virCPUx86DataItem-content-in-union.patch,
fcf4846a-cpu_x86-Add-support-for-storing-MSR-features-in-CPU-.patch,
e17d1038-cpu_x86-Move-CheckFeature-functions.patch,
0a97486e-cpu_x86-Fix-placement-of-CheckFeature-functions.patch,
32f577ab-cpu_x86-Fix-placement-of-CheckFeature-functions.patch,
b1286526-qemu-Drop-qemuFeatureNoEffect.patch,
955fd6e7-qemu_process-Drop-cleanup-label-from-qemuProcessUpda.patch,
c145b660-cpu_conf-Introduce-virCPUDefFilterFeatures.patch,
0b763774-qemu-Filter-CPU-features-in-active-XML.patch,
4e6f58b8-conf-Introduce-virCPUDefCheckFeatures.patch,
b8e086a5-cpu_x86-Turn-virCPUx86DataIteratorInit-into-a-functi.patch,
bcfed7f1-cpu_x86-Introduce-virCPUx86FeatureFilter-MSR.patch,
668797dc-cpu_conf-Pass-policy-to-CPU-feature-filtering-callba.patch,
ac34e141-qemu-Drop-disabled-CPU-features-unknown-to-QEMU.patch,
9cd03f79-cpu_map-Drop-pconfig-from-Icelake-Server-CPU-model.patch,
2816fe2e-qemu-fix-NULL-ptr-deref.patch
bsc#1203536
- libxml2
-
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- libxslt
-
- Security Fix: [bsc#1208574, CVE-2021-30560]
* Use after free in Blink XSLT
* Add libxslt-CVE-2021-30560.patch
- Fix broken license symlink for libxslt-tools [bsc#1203669]
- libzypp
-
- properly reset range requests (bsc#1204548)
- version 16.22.5 (0)
- Fix package signature check (bsc#1184501)
- lvm2
-
- LVM volume groups are not being cleaned up after kiwi image build (bsc#1142550)
+ bug-1142550_02-LVM-vg-are-not-being-cleaned-up-after-kiwi-image-build.patch
- mozilla-nspr
-
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function.
- mozilla-nss
-
- update to NSS 3.79.4 (bsc#1208138)
* Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
(CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
(bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
* Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
(CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
called when the repeat integrity check fails (bsc#1198980).
- update to NSS 3.79.2 (bsc#1204729)
* bmo#1785846 - Bump minimum NSPR version to 4.34.1.
* bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken
builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
longer symmetric keys via the service level indicator
(bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
when both NSS_FIPS and /proc FIPS mode are enabled.
- multipath-tools
-
- Use %tmpfiles_create macro for tmpfiles.d file
- Update to version 0.7.9+232+suse.cbc3754:
* Fix multipathd authorization bypass and symlink attack
(bsc#1202739 CVE-2022-41973 CVE-2022-41974)
* add multipath-dracut.conf: dracut config file to install
tmpfiles.d/multipath.conf in initramfs
- Update to version 0.7.9+229+suse.a7d71062:
* Avoid linking to libreadline to avoid licensing issue
(bsc#1202616)
- Update to version 0.7.9+208+suse.8c8dded:
* libmultipath: use uint64_t for sg_id.lun (bsc#1187534)
- net-snmp
-
- Fixed NULL pointer exception issue when handling ipDefaultTTL or
pv6IpForwarding (bsc#1205148, CVE-2022-44793, bsc#1205150, CVE-2022-44792).
- Fixed potential bad free and changed usage of strtok to strtok_r to
avoid a race condition (bsc#1198059).
add:
* net-snmp-5.7.3-disallow_SET_requests_with_NULL_varbind.patch
* net-snmp-5.7.3-fix-potential-bad-free.patch
* net-snmp-5.7.3-use-strtok_r-for-strtok.patch
- removed hard libopenssl-devel requirement (bsc#1203572)
- nfs-utils
-
- Add 0202-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
Allow server scope to be set - removes the need to run nfsd
inside a private UTS namespace for fail-over applications
(bsc#1203746)
- 0201-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl setting work (bsc#1199856)
- openldap2
-
- bsc#1203320 - Resolve broken symlinks in documentation
- openssh
-
- Add -Y option (jsc#SLE-24949)
+ openssh-More-BSD-compat-functions-recallocarray-getpagesize-.patch
+ openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch
+ openssh-New-option-parsing-functions.patch
+ openssh-ssh-keygen-ssh-agent-intergration.patch
+ openssh-test-updates.patch
+ openssh-test-fixups.patch
+ openssh-Add-ssh-keygen-Y-option-sshsig.patch
- Ship added protocol file as documentation.
- Refresh openssh-7.2p2-gssapi_key_exchange.patch: fix up tests broken by gssapi
- Run tests during build
- cycle patches through git, use autopatch.
- openssl-1_0_0
-
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- openssl-Groundwork-for-a-perl-based-testing-framework.patch
- openssl-Add-recipes-for-the-larger-protocols.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add openssl-CVE-2022-4304.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- openssl-1_1
-
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
* Double free after calling PEM_read_bio_ex()
* Add patches:
- openssl-CVE-2022-4450-1of2.patch
- openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- pacemaker
-
- cts-scheduler: update test for preventing inactive instances from starting if probe is unrunnable on any nodes (bsc#1206263)
* bsc#1206263-0006-Test-cts-scheduler-update-test-for-preventing-inacti.patch
- scheduler: prevent inactive instances from starting if probe is unrunnable on any nodes (bsc#1206263)
* bsc#1206263-0005-Fix-scheduler-prevent-inactive-instances-from-starti.patch
- libpacemaker: ensure any pending recurring monitor gets updated if it fails (bsc#1206263)
* bsc#1206263-0004-Fix-libpacemaker-ensure-any-pending-recurring-monito.patch
- cts-scheduler: update test for preventing a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
* bsc#1206263-0003-Test-cts-scheduler-update-test-for-preventing-a-left.patch
- scheduler: prevent a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
* bsc#1206263-0002-Fix-scheduler-prevent-a-leftover-pending-monitor-fro.patch
- cts-scheduler: add test for preventing a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
* bsc#1206263-0001-Test-cts-scheduler-add-test-for-preventing-a-leftove.patch
- Use effective OCF rc-code to avoid increasing failcount for DEGRADED statuses (bsc#1205861)
* bsc#1205861-0002-Fix-Use-effective-OCF-rc-code-to-avoid-increasing-fa.patch
- Accept PCMK_OCF_DEGRADED and PCMK_OCF_DEGRADED_MASTER status codes (bsc#1205861)
* bsc#1205861-0001-Fix-Accept-PCMK_OCF_DEGRADED-and-PCMK_OCF_DEGRADED_M.patch
- tools: prevent possible crm_resource segfaults if multiple commands are specified (bsc#1198409)
* bsc#1198409-0002-Fix-tools-prevent-possible-crm_resource-segfaults-if.patch
- tools: set commands in crm_resource before changing any options (bsc#1198409)
* bsc#1198409-0001-Refactor-tools-set-commands-in-crm_resource-before-c.patch
- controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715)
* bsc#1198715-0001-Log-controller-log-an-info-instead-of-a-warning-for-.patch
- controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759)
* bsc#1196673-0001-Feature-controller-record-CRM-feature-set-as-a-trans.patch
- permissions
-
* fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20170707:
- pixman
-
- Add pixman-CVE-2022-44638.patch: avoid an integer overflow
(boo#1205033 CVE-2022-44638).
- python
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
target.
- python-azure-agent
-
- Add paa_12_sp5_rdma_no_ext_driver.patch (bsc#1203181)
- Update to version 2.8.0.11 (bsc#1203164)
+ Enabled support for Fast Track (faster processing of extensions)
+ Add telemetry for VM Size
+ Add telemetry for environment variables passed to extensions
+ Enforce CPU quota on the Agent on Red Hat and CentOS 7.4+
+ Restore all firewall rules needed for communication with the WireServer
+ Fix false positives reporting processes in the Agent's cgroup
+ Fix false errors when collecting debug logs
+ Don't report incorrect CPU usage data
+ Fetching a goal state with empty certificates property
+ Silence goal state fetch errors after 3 logs
+ Change fast track timestamp default from None to datetime.min
+ Retry HGAP's extensionsArtifact requests on BAD_REQUEST status
+ Support for Rocky Linux
+ RHEL 8
+ RHEL 9
+ Preliminary work to enforce CPU quota on extensions
+ Preliminary work for management of agent self-updates [GA Versioning]
+ Add CentOS 7.9 to end-to-end-tests
+ Add Mariner to end-to-end-tests
- 2.8.0.11 followed 2.7.3.0, no intermediate releases
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
- Update to 2.7.3.0 (jsc#PED-1298)
+ Remove proper_dhcp_config_set.patch included upstream
+ Remove sle_hpc-is-sles.patch included upstream
+ Forward port reset-dhcp-deprovision.patch
+ Retry HGAP's extensionsArtifact requests on BAD_REQUEST status #2622
+ Use 'ip' instead of 'ifdown/ifup' to restart network interface on
RHEL >= 8.6 #2612 #2624
- From 2.7.1.0
+ hotfix for OOM errors on the log collector
- From 2.7.0.6
+ Increase time of autoupdates after updates are available #2403
+ Send telemetry when upgrade available #2421
+ Enable collection of debugging information #2436, #2453, #2510
+ Add support for Python 2.6 to the debug info collection code #2452
+ Enable CPU/memory data collection on RedHat and CentOS #2450
+ Exclude end-to-end tests from Agent setup #2396, #2402
+ Fix log message in cgroups management #2427
+ Fix parsing of malformed error.json files #2433
+ Allow DNS queries over TCP #2429
+ Dont exit extension handler process if unable to fetch
first goal state #2440
+ Improvements for Mariner #2407, #2414
+ Add uos support #2420
+ Add support for VMware PhotonOS #2431
- From 2.6.0.2
+ added cloudlinux support (#2344)
+ Enable extensions cpu monitoring (#2357, #2384, #2391)
+ Support Flatcar Container Linux (#2365)
+ Retrieve VmSettings from HostGAPlugin
(#2378, #2382, #2386, #2394, #2397, #2404)
+ Set Agent's CpuQuota to 75% (#2383)
+ Use handler status if extension status is None when computing
the ExtensionsSummary (#2358) (#2361)
+ fix bug with dependent extensions with no settings (#2285) (#2362)
+ Create events dir for handlers if ETP enabled (#2366)
+ Report status even if goal state cannot be processed (#2370)
+ Define ExtensionsSummary.eq (#2371) (#2373)
+ Implement ExtensionsSummary.ne in terms of eq (#2375)
- From 2.5.0.2
+ Enable Extension Telemetry Pipeline (#2337, #2339)
+ Enable Periodic Log Collection in systemd distros (#2295,#2289)
+ Implement InitialGoalStatePeriod parameter + improvements in logging
goal state processing(#2332)
+ Fix operation name in InitializeHostPlugin event(#2338)
+ Mock systemctl stop cmd (#2335)
+ Report transitioning when status file not found (#2330)
+ Dont create default status file for Single-Config extensions (#2318)
+ Do not create placeholder status file for AKS extensions (#2298)
+ Save waagent_status to history folder and add additional details to
the status file (#2325,#2301,#2270)
+ Rename Debug.FetchVmSettings to Debug.EnableFastTrack (#2324)
+ Update HostGAplugin headers before fetching vmSettings (#2323)
+ Handle HTTP GONE in vmSettings request (#2321)
+ Added log statements to debug issues in vmSettings API(#2317)
+ Remove reference to re.IGNORECASE (#2316)
+ Add and remove extension slice (#2315)
+ FastTrack changes (#2314, #2313,#2306, #2304,#2294, #2293)
+ Helper to handle exception message(#2305)
+ Remove trailing spaces from command name (#2296)
+ Add debug info for systemd-run false positives (#2292)
+ Move Github Actions VMs to Ubuntu 18 (#2291)
+ Onboard redhat82, ubuntu20 (#2290, #2279)
+ Allow systemd-run in the Agent's cgroup (#2287)
+ Use handler status if extension status is None (#2358)
+ Bug Fix :Define ExtensionsSummary.ne (#2371)
- From 2.4.0.2
+ Support for Multi config (#2245, #2261)
+ Support sles 15 sp2 distro (#2272)
+ Cleanup history folder every 30 min (#2258)
+ Updated _read_status_file to include a fragment of status file in
the exception (#2257)
+ Fix telemetry unicode errors (Re-add #1937) (#2278)
+ Match IPoIB interface with any alphanumeric characters (#2239)
+ Fix bug with dependent extensions with no settings (#2285)
+ Do not create placeholder status file for AKS extensions (#2298)
+ Refactoring of Agent's main loop (#2275)
+ Exception for Linux Patch Extension for creating placeholder
status file (#2307)
+ Dont create default status file for Single-Config extensions (#2318)
+ Fix bad logging (#2241)
+ Fixed logging of PeriodicOperation (#2263)
+ Log collector broken pipe fix (#2267)
+ Improved logging for Multi config (#2246)
- From 2.3.1.1
+ revert for reducing the time window where we restart the network
interfaces of the VM
- From 2.3.0.2
+ Enforce CPUQuota on agent #2222, #2226
+ Add support for RequiredFeatures and GoalStateAggregateStatus APIs
[#2190], #2206, #2209, #2216
+ Added fallback locations for extension manifests #2188
+ Add missing call to str.format() when creating exception #2193
+ Remove helper network service on deprovision #2191
+ Use a helper script to start the network service #2225 #2253
+ Initialize published_hostname using /var/lib/cloud/data/set-hostname #2215
+ Fix utf logging for persist firewall rules #2237
+ Replace firewall-setup unit file if changed #2236
- From 2.2.54
+ PA changes to check cloud-init (#2061)
+ log collector (#2066)
+ cgroups CPU percentage py processor count (#2074)
+ Parse InVMGoalStateMetaData from Extension Config (#2081)
+ iscsi disk support for agent configs (#2073)
+ Add support for VMs with multiple IB devices (#2085)
+ Python 3.9 support (#2082)
+ Add support for CBL-Mariner distro (#2099)
+ Enable Provisioning.MonitorHostName for Ubuntu (#1934)
+ Added supportedFeatures flag in status reporting (#2089)
+ Parse ext runtime settings (#2087)
+ GHA merge validation (#2097)
+ Cgroups improvements
+ renamed the eventsFolder variable for preview and enabled ETP (#2140)
+ Agent slice and custom unit files telemetry (#2150)
+ Make IPoIB interface online (#2116)
+ Add option to disable NetworkConfigurationChanges (#2156)
+ Log network configuration on service start (#2157)
+ Setup persistent firewall rules on service restart (#2154)
+ switched to using run_command (#2060)
+ fixes for chained-comparison and dangerous-default-value pylint
warnings (#2072)
+ fixed depends on errors (#2059)
+ WireIp env variable added (#2078)
+ Unstick HGAP channel as default (#2046)
+ shellutil.run_command fixes (#2086, #2098)
+ unit test fixes (#2090, #2091, #2108, #2153)
+ fix distro resolution for RedHat (#2083)
+ Read KVP value in binary mode (#2084)
+ Redact protected settings in goal state debug files (#2130)
+ Modify retry logic for empty goal state (#2140)
+ GS no config fix (#2141)
+ CommandExecution.log logrototate config -> custom log management (#2143)
+ binary file for firewall rules (#2147)
+ Refresh host ga plugin periodically (#2155)
+ Disabled custom service (#2166)
+ update test zips (#2167)
- From 2.2.53.1
+ Extension Telemetry Pipeline as a private-preview feature
- From 2.2.53
+ Start exthandler with the same python interpreter (#2007)
+ Verify that the extension status is an array (#2010)
+ Remove enum _UpdateType and retry fetching goal state (#2018)
+ use dd for ext4 as well as xfs (#2042)
+ Fix path for error.json (#2044)
+ Switch to run command changes, + provisioning changes that need to be
reverted. (#2050)
+ Fix timestamp for goal state archive (#2051)
+ Case insensitive parsing or Plugins and PluginSettings (#2054)
+ Revert "/Fixed delays for HTTP retries rather than exponential
delays (#1967)"/ (#2065)
+ Fixed bug causing "/MAC verified OK"/ message (#2069)
+ Revert unicode fix manually (#1937) (#2070)
+ Recreate handler environment file on service startup (#1960)
+ Add log collection tool and thread (#1987)
+ Thread interface (#1990)
+ Verify that the CPU and Memory cgroups for the agent are properly
initialized; disabled cgroups if they are not active. (#2015)
+ SUSE config: use Btrfs LZO compression for ResourceDisk (#2055)
+ Extension telemetry pipeline (#1918)
+ Reformatted the heartbeat event (#2009)
+ Add LIS version to OSInfo.message (#2011)
+ One thread for telemetry (#2019)
+ Limit description character length sent for health report (#2020)
+ Remove Serial Console Logging (#2028)
+ Echo log to /dev/console during provisioning (#2043)
+ Adding telemetry for logrotate (#2045)
+ Report placeholder extension status as an array (#2068)
+ Fix broken link in readme (#2014)
+ Add log collector flags to README (#2029)
- From 2.2.52
+ Do not retrieve users in each goal state (#1935)
+ Fix check for systemd-run failure when invoking extensions (#1943)
+ Fix telemetry unicode errors (#1937)
+ Uninstall unregistered extensions (#1970)
+ Use run_command to execute iptables (#1944)
+ Use run_command for ip route (#1958)
+ Fix handling of gen2 disks with udev rules (#1954)
+ Add API for uploading logs via host plugin (#1902)
+ Fixed delays for HTTP retries rather than exponential delays (#1967)
+ Resolve undefined variable (#1950)
+ Convert owner uid to string (#1949)
+ Fix Travis special checks for distro and remove useless cgroup tests (#1959)
+ Use tmp_dir instead of data_dir (#1968)
- Removed %config flag for files in /usr directory.
- Cleanup spec file:
- - Removed %{_distconfdir}/logrotate.d from dirlist. It will be
handled by package filelist now.
- - %{_distconfdir}/logrotate.d/* can be changed by vendor only.
So it will be replaced by an RPM update.
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
- require python-rpm-macros to fix build for TW
- do not require test dependencies for build, they are not needed
(no testsuite run in %check)
- python-base
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
target.
- python-parallax
-
- Fix: manager: file descriptor leakage (bsc#1205116) (jsc#ECO-2035)
- Release 1.0.8
- Release 1.0.7
- Remove patches since already included:
Remove patch 0001-Add-ssh_key-option-used-by-i-option-of-ssh-scp.patch
Remove patch 0002-Change-format-of-scp-command-for-ipv6-compatible.patch
Remove patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
Remove patch 0004-Fix-Error-inherit-from-Exception-instead-of-BaseExce.patch
Remove patch 0005-Dev-add-parallax.run-to-return-non-zero-rc-without-r.patch
- Dev: add parallax.run() to return non-zero rc without raising exceptions
Add patch 0005-Dev-add-parallax.run-to-return-non-zero-rc-without-r.patch
- Fix: Error: inherit from Exception instead of BaseExceptin
Add patch 0004-Fix-Error-inherit-from-Exception-instead-of-BaseExce.patch
- Don't use ssh if command running on local (bsc#1200833)
Add patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
- Change format of scp command for ipv6 compatible(bsc#1174894)
Add patch 0002-Change-format-of-scp-command-for-ipv6-compatible.patch
- Add ssh_key option used by -i option of ssh and scp(bsc#1169581)
Add patch 0001-Add-ssh_key-option-used-by-i-option-of-ssh-scp.patch
- Release 1.0.6
- Replace preexec_fn as start_new_session
- No need to mask signals for subprocess call
- python-py-doc
-
- Add patch CVE-2022-42969-remove-svn-traces.patch:
* Stop using or advertising svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Remove the _path testing configuration file too, so the testsuite runs.
(bsc#1208181)
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- python-setuptools
-
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
(ReDoS) in package_index.py.
bsc#1206667
- python-wheel
-
- Add wheel_cve_2022_40898.patch (bsc#1206670)
+ Update regular expression to parse wheel data, CVE-2022-40898
- python3
-
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice vera (potential for DoS).
Originally by Victor Stinner of Red Hat.
- python3-base
-
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice vera (potential for DoS).
Originally by Victor Stinner of Red Hat.
- python3-lxml
-
- Add patch CVE-2021-28957-prevent-formaction.patch:
* Sanitize HTML5 formaction attributes to prevent an XSS
(bsc#1184177, CVE-2021-28957)
- python36
-
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
email.generator.py from replacing a non-existent header
(bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice vera (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- release-notes-sles
-
- 12.5.20220930 (tracked in bsc#933411)
- Added note about /var/run volatility (jsc#SLE-5601)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Updated LibreOffice note (jsc#SLE-24441)
- Updated Java 1.7 lifecycle (jsc#PED-2073)
- 12.5.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-2073)
- resource-agents
-
- ECO: Maint: Remove ocf_heartbeat_ZFS (jsc#PED-2841)
Add patch:
remove-zfs-support.patch
- SAPInstance can break if kill.sap includes unexpected content.
(bsc#1206100)
Include upstream patch:
1825.patch
- ECO: Maint: AWS EFS Support in Filesystem OCF required
(jsc#PED-2794)
Include upstream patch:
0001-Filesystem-Add-support-for-Amazon-EFS-mount-helper.patch
- Pacemaker should provide a dynamic option to specify a logfile
(jsc#PED-121)
Add upstream patch:
1739.patch
- DB2 HADR resource-agents bug (bsc#1203758)
Add patches:
0001-db2-HADR-add-STANDBY-REMOTE_CATCHUP_PENDING-DISCONNE.patch
0001-db2-add-PRIMARY-REMOTE_CATCHUP_PENDING-CONNECTED-sta.patch
- ECO: Maint: Azure Events RA can not handle AV Zones (jsc#PED-2000)
Add upstream patch:
0001-azure-events-az-new-resource-agent-1774.patch
- rpm
-
- backport pgp hardening changes from upstream [bsc#1185299]
new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try to acquire the
database lock [bsc#1183659]
new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
[CVE-2021-20271] [CVE-2021-20266]
[bsc#1183543] [bsc#1183545] [bsc#1183632]
new patch: headerchk3.diff
- backport fixes for various format handling bugs [bsc#996280]
new patch: formatbugs.diff
- rsync
-
- Add support for --trust-sender parameter (patch by Jie Gong in
bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
* Added patch rsync-CVE-2022-29154-trust-sender-1.patch
* Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- salt
-
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Added:
* ignore-extend-declarations-from-excluded-sls-files.patch
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Added:
* include-stdout-in-error-message-for-zypperpkg-561.patch
- Fix state.apply in test mode with file state module
on user/group checking (bsc#1202167)
- Added:
* fix-state.apply-in-test-mode-with-file-state-module-.patch
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Added:
* retry-if-rpm-lock-is-temporarily-unavailable-547-551.patch
- samba
-
- CVE-2022-38023: Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)
- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)"/) at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- sapconf
-
- version update from 5.0.4 to 5.0.5
- adapt check of an active saptune service during the initial
package installation to work in a chroot environment and fix the
missing enablement of sapconf.
(bsc#1190736, bsc#1190787)
- sg3_utils
-
- Update to version 1.43+48.63a5696:
* sg_turs: do not report error for standby or unavailable ports
(bsc#1186628)
* drop 55-scsi-sg3_id.rules-fix-SCSI_IDENT_LUN_NAA_EXT-case.patch
(now included in git tarball)
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- sudo
-
- Added sudo-CVE-2023-22809.patch
* CVE-2023-22809
* bsc#1207082
* Prevent '--' in the EDITOR environment variable which can allow
users to edit sensitive files as root.
- Modified sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Fixes crash while using sssd plugin caused by regression
introduced by this patch
* bsc#1206170
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- Modified sudo-sudoers.patch
* bsc#1177578
* Removed redundant and confusing 'secure_path' settings in
sudo-sudoers file.
- Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Ignore entries when converting LDAP to sudoers. Prevents empty
host list being treated as "/ALL"/ wildcard.
* bsc#1201462
* Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e
- supportutils
-
- Changes to supportconfig version 3.0.11
+ Added _sanitize_file and applied it as needed (bsc#1203818)
- supportutils-plugin-ha-sap
-
- Update to version 0.0.4+git.1663748456.ad13e75:
* fix basic support for saptune
add saptune version 3 awareness and add a hint for the new
saptune supportconfig plugin delivered within the saptune
package >= 3.x
(bsc#1203202)
* change release status of the project
- sysstat
-
- Sysstat requires cron in SLE [related to bsc#1202473]
- systemd
-
- Import commit 284594087815b5a621c9cbdfd7fde382c3fa110e
408bdd5b5c units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
c9d71f32e9 vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode)
36cea26f87 vconsole-setup: add more log messages
ed5157ad87 units: restore Before dependencies for systemd-vconsole-setup.service
e9ae2bacc4 vconsole-setup: add lots of debug messages
40b348e753 Add enable_disable() helper
33ac2fa67a vconsole: correct kernel command line namespace
41e28b24d6 vconsole: Don't do static installation under sysinit.target
d5a5e14c0b vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636)
4e62cab082 vconsole: updates of keyboard/font loading functions
8fd6316be5 vconsole: Add generic is_*() functions
a755ea98ec vconsole: add two new toggle functions, remove old enable/disable ones
9ca3cfe2aa vconsole: copy font to 63 consoles instead of 15
7ddfcaab83 vconsole: add log_oom() where appropriate
8d61f5bde5 vconsole-setup: Store fonts on heap (#3268)
6efe43abe2 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
1f09db3094 errno-util: add new errno_or_else() helper
- Drop 5000-errno-util-add-new-errno_or_else-helper.patch
5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
They have been integrated in SUSE/v228, see above.
- Disable coredump support when building the mini flavor to avoid pulling in
elfutils as some elf macro definitions are now needed by coredump.c
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-errno-util-add-new-errno_or_else-helper.patch
Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
- Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234
e4ba341080 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
20743c1a44 logind: fix crash in logind on user-specified message string
b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent
2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507)
4b56c3540a parse-util: introduce pid_is_valid()
aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244)
- Rebase 0001-logind-unmount-runtime-path-in-a-dedicated-process.patch
- tar
-
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436-1.patch
* bsc1202436-2.patch
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
results in use of uninitialized memory for a conditional jump
(CVE-2022-48303, bsc#1207753)
* fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-fix-no-overwrite-dir.patch
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- tcl
-
- [bsc#1206623], tcl-string-compare.patch:
Fix [string compare -length] on big endian and improve
[string equal] on little endian.
- Fix a race condition in test socket-13.1
(tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
sqlite3 to have only a single copy and keep it more up to date
(bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
- telnet
-
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
(CVE-2022-39028, bsc#1203759)
CVE-2022-39028.patch
- tiff
-
- security update:
* CVE-2022-48281 [bsc#1207413]
+ tiff-CVE-2022-48281.patch
- security update:
* CVE-2022-3570 [bsc#1205422]
* CVE-2022-3598 [bsc#1204642]
+ tiff-CVE-2022-3598,3570.patch
- security update:
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645]
+ tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643]
+ tiff-CVE-2022-3599.patch
* CVE-2022-3970 [bsc#1205392]
+ tiff-CVE-2022-3970.patch
- security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971]
+ tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
* CVE-2022-2867 [bsc#1202466]
* CVE-2022-2868 [bsc#1202467]
* CVE-2022-2869 [bsc#1202468]
+ tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
Rename tiff-CVE-2022-0561.patch to
tiff-CVE-2022-0561,CVE-2022-34266.patch
This CVE is actually a duplicate.
- security update:
* CVE-2022-34526 [bsc#1202026]
+ tiff-CVE-2022-34526.patch
- timezone
-
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- util-linux
-
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- util-linux-systemd
-
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- vim
-
- Updated to version 9.0 with patch level 1386, fixes the following security problems
* Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
* Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
* Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
* Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
* Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
* Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
* Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
* Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
* Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
* Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.0814...v9.0.1234
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- missing-vim-client: removed
- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch)
- source correct suse.vimrc file (boo#1182324)
- stop owning /etc/vimrc so the old, distro provided config actually
gets removed. Leaving it around leads to a duplicated autocmd for
* .spec, leading to spec file template inserted twice.
- own some dirs in vim-data-common so installation of vim-small
doesn't leave not owned directories (boo#1173256).
- Add vi as slave to update-alternatives so that every package
has a matching "/vi"/ symlink (bsc#1174564, boo#1176549).
- Removed patches:
* disable-unreliable-tests-arch.patch
* CVE-2016-1248.patch
* CVE-2017-5953.patch
* CVE-2017-6349.patch
* CVE-2017-6350.patch
* restrict-shell-commands.patch
* source-check-sandbox.patch
* vim-8.0.1568-CVE-2021-3778.patch
* vim-8.0.1568-CVE-2021-3796.patch
* vim-8.0.1568-CVE-2021-3872.patch
* vim-8.0.1568-CVE-2021-3927.patch
* vim-8.0.1568-CVE-2021-3928.patch
* vim-8.0.1568-CVE-2021-3984.patch
* vim-8.0.1568-CVE-2021-4019.patch
* vim-8.0.1568-CVE-2021-4193.patch
* vim-8.0.1568-CVE-2021-46059.patch
* vim-8.0.1568-CVE-2022-0319.patch
* vim-8.0.1568-CVE-2022-0351.patch
* vim-8.0.1568-CVE-2022-0361.patch
* vim-8.0.1568-CVE-2022-0413.patch
* vim-8.0.1568-globalvimrc.patch
* vim-7.1.314-CVE-2009-0316-debian.patch
* vim-7.3-diff_check.patch
* vim-python35.patch
* vim-speedup-yaml.patch
- Updated patches:
* vim-7.3-filetype_changes.patch
* vim-7.3-filetype_ftl.patch
* vim-7.3-filetype_spec.patch
* vim-7.3-gvimrc_fontset.patch
* vim-7.3-help_tags.patch
* vim-7.3-mktemp_tutor.patch
* vim-7.3-name_vimrc.patch
* vim-7.3-sh_is_bash.patch
* vim-7.3-use_awk.patch
* vim-7.4-disable_lang_no.patch
* vim-7.4-filetype_apparmor.patch
* vim-7.4-filetype_mine.patch
* vim-7.4-highlight_fstab.patch
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim73-no-static-libpython.patch
* vim-7.4-rpmlintrc
* vim73-no-static-libpython.patch
- Added patches:
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim-8.1.0297-dump3.patch
* vim-8.2.2411-globalvimrc.patch
* disable-unreliable-tests.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v7.4.326...v9.0.0814
- w3m
-
- CVE-2022-38223 Out-of-bounds write in checkType located in etc.c
(bsc#1202684)
- add:
0002-Fix-m17n-backspace-handling-causes-out-of-bounds-wri.patch
0001-Fix-warning-for-unused-variable-without-USE_M17N.patch
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
correctly OR grouped lease status (bnc#896188)
netlink attribute if provided by the kernel (bnc#885007).
do not detect persistence but set if requested only (bnc#876845).
- client: do not mix shared with exclusive references (bnc#877776)
- extensions: disabled writing of wickedd.log (debug) file
- addrconf: initial lease writing/parsing helpers / disarmed
- several lldp fixes, mostly for parsing / formatting
- xterm
-
- xterm-CVE-2022-45063.patch: Fixed code injection via fontops ESC 50
when a font is not present (bsc#1205305 CVE-2022-45063)
- xterm-CVE-2022-24130.patch: Fixed buffer overflow in set_sixel
when Sixel support is enabled (bsc#1195387)
- yast2-cluster
-
- bsc#1204530, set crypto_hash as "/sha1"/ and set crypto_cipher as "/aes256"/,
- Set transport as "/udpu"/ when detect in cloud,
- Set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured
- Set focus on "/Generate Auth Key File"/ when secauth is true
- Implement ValidateSecurity method
- Set focus on memberaddr add when using udpu
- Version 3.4.3
- yast2-packager
-
- Do not fail when the installation URL contains a space
(bsc#1201816)
- 3.3.5
- yast2-printer
-
- Try to connect with SMB3 protocol when testing SMB printers
(bsc#1084277)
- 3.2.1
- yast2-registration
-
- fix crash of autoyast config dialog (bsc#1152913)
- 3.3.1
- zlib
-
- Follow up fix for bsc#1203652 due to libxml2 breakage
* bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch