- cloud-regionsrv-client
-
- Update to version 10.1.5 (bsc#1217583)
+ Fix fallback path when IPv6 network path is not usable
+ Enable an IPv6 fallback path in IMDS access if it cannot be accessed
over IPv4
+ Enable IMDS access over IPv6
- Update to version 10.1.4 (bsc#1217451)
+ Fetch cert for new update server during failover
- Update to version 10.1.3 (bsc#1214801)
+ Add a warning if we detect a Python package cert bundle for certifi
This will help with debugging and point to potential issues when
using SUSE images in AWS, Azure, and GCE
- Update to version 10.1.2 (bsc#1211282)
+ Properly handle Ipv6 when checking update server responsiveness. If not
available fall back and use IPv4 information
+ Use systemd_ordered to allow use in a container without pulling systemd
into the container as a requirement
- pacemaker
-
- attrd: don't start a new election when receiving a client update (bsc#1215446)
* bsc#1215446-0001-Low-attrd-don-t-start-a-new-election-when-receiving-.patch
- lvm2
-
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
+ bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch
- curl
-
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
* Add curl-libssh_Implement_SFTP_packet_size_limit.patch
- Security fixes:
* [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
* [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
* Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
- Security fixes:
* [bsc#1215888, CVE-2023-38545] SOCKS5 heap buffer overflow
* [bsc#1215889, CVE-2023-38546] Cookie injection with none file
* Add curl-CVE-2023-38545.patch curl-CVE-2023-38546.patch
- patterns-sles
-
- Require kmod-compat rather than kmod. It's kmod-compat that has the tools
used by the kernel and scripts (bsc#1215533).
- python-base
-
- (bsc#1214691, CVE-2022-48566) Add
CVE-2022-48566-compare_digest-more-constant.patch to make
compare_digest more constant-time.
- Allow nis.so for SLE-12.
- (bsc#1214685, CVE-2022-48565) Add
CVE-2022-48565-plistlib-XML-vulns.patch (from
gh#python/cpython#86217) reject XML entity declarations in
plist files.
- Remove BOTH CVE-2023-27043-email-parsing-errors.patch and
Revert-gh105127-left-tests.patch (as per discussion on
bsc#1210638).
- pam
-
- pam_unix: Add no_pass_expiry option to ignore password expiration
[bsc#1215594 pam-unix-add-no_pass_expiry-option.patch]
- zlib
-
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
overflow in zipOpenNewFileInZip4_6, bsc#1216378
* CVE-2023-45853.patch
- glibc
-
- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)
- s390-nl-current-lc-foo-used.patch: S390: Fix relocation of
_nl_current_LC_CATETORY_used in static build (bsc#1215504, BZ #19860)
- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
- openssh
-
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
This mitigates a prefix truncation attack that could be used to
undermine channel security.
- openslp
-
- add separate source openslp.logrotate.systemd to use systemctl
reload for logrotate configuration [bnc#1206153]
new file: openslp.logrotate.systemd
- bind
-
- Security Fix:
* Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out
of available stack memory, causing named to terminate
unexpectedly. This has been fixed.
[bsc#1215472, CVE-2023-3341, bind-CVE-2023-3341.patch]
- compat-openssl098
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- sqlite3
-
- Sync version 3.44.0 from Factory
* Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
* sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
* Obsoletes sqlite-CVE-2022-46908.patch
* Obsoletes sqlite-src-3390000-func7-pg-181.patch
- shadow
-
- bsc#1214806 (CVE-2023-4641):
Fix potential password leak
- Add shadow-CVE-2023-4641.patch
- avahi
-
- Add avahi-CVE-2023-38473.patch: derive alternative host name from
its unescaped version (bsc#1216419 CVE-2023-38473).
- libzypp
-
- Ignore if the media to unmount is no longer mounted
(bsc#1216064)
- Close all media after having preloaded the cache.
Mitigates the change that during package installation e.g. a
nfs.service restart forcefully unmounts the media we access
(bsc#1216064)
- version 16.22.10 (0)
- repo: Don't download unneeded sqlite metadata (fixes #476)
- version 16.22.9 (0)
- rsyslog
-
- fix rsyslog crash in imrelp (bsc#1210286)
* add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
- gpg2
-
- Security Fix: [bsc#1088255, CVE-2018-9234]
* Unenforced configuration allows for apparently valid certifications
actually signed by signing subkeys. GnuPG <= 2.2.5 does not enforce
a configuration in which key certification requires an offline master
Certify key, which results in apparently valid certifications that
occurred only with access to a signing subkey.
* Add gnupg-CVE-2018-9234.patch
- libX11
-
- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
* CVE-2023-43785 libX11: out-of-bounds memory access in
_XkbReadKeySyms() (boo#1215683)
* CVE-2023-43786 libX11: stack exhaustion from infinite recursion
in PutSubImage() (boo#1215684)
* CVE-2023-43787 libX11: integer overflow in XCreateImage()
leading to a heap overflow (boo#1215685)
- openssl-1_1
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- libXpm
-
- U_0000-test-Add-unit-tests-using-glib-framework.patch
U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch
U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
* fixes CVE-2023-43788 libXpm: out of bounds read in
XpmCreateXpmImageFromBuffer() (boo#1215686)
* fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
corrupted colormap (boo#1215687)
- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
* avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684,
boo#1215685); see changelog in libX11 update ...
- suse-module-tools
-
- Update to version 12.13: added blacklist entries in modprobe.conf
* blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
* blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
* blacklist isst_if_mbox_msr (bsc#1187196)
- python3
-
- (bsc#1214691, CVE-2022-48566) Add
CVE-2022-48566-compare_digest-more-constant.patch to make
compare_digest more constant-time.
- (bsc#1214685, CVE-2022-48565) Add
CVE-2022-48565-plistlib-XML-vulns.patch (from
gh#python/cpython#86217) reject XML entity declarations in
plist files.
- (bsc#1214677, CVE-2022-48564) Add
CVE-2022-48564-DoS-read_ints-plistlib.patch fixing
gh#python/cpython#86269 (backport from 3.6), which prevents DoS
when processing malformed Apple Property List files in binary
format.
- Skip test_plistlib.test_identity test on aarch64.
- (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which detects email
address parsing errors and returns empty tuple to indicate the
parsing error (old API).
- Add 99366-patch.dict-can-decorate-async.patch fixing
gh#python/cpython#98086 (backport from Python 3.10 patch in
gh#python/cpython!99366), fixing bsc#1211158.
- Add stack_overflow_test_endless_recursion.patch to avoid
failing test.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
CURRENTLY SWITCHED OFF, AS IT IS STILL WIP AND UNDEBUGGED
- Use python3 modules to build the documentation.
- kernel-default
-
- net/ulp: use consistent error code when blocking ULP
(CVE-2023-0461 bsc#1208787 bsc#1217079).
- net/ulp: prevent ULP without clone op from entering the LISTEN
status (CVE-2023-0461 bsc#1208787 bsc#1217079).
- commit fb04b97
- Revert "Bluetooth: btsdio: fix use after free bug in
btsdio_remove due to unfinished work" (git-fixes).
- commit a2b7495
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
(git-fixes).
- md/raid10: Do not add spare disk when recovery fails
(git-fixes).
- md/raid10: clean up md_add_new_disk() (git-fixes).
- md/raid10: prioritize adding disk to 'removed' mirror
(git-fixes).
- md/raid10: improve code of mrdev in raid10_sync_request
(git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(git-fixes).
- md/bitmap: factor out a helper to set timeout (git-fixes).
- md/bitmap: always wake up md_thread in timeout_store
(git-fixes).
- dm-raid: remove useless checking in raid_message() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
(git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md: fix data corruption for raid456 when reshape restart while
grow up (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
(git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
(git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
(git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: fix incorrect declaration about claim_rdev in
md_import_device (git-fixes).
- md: remove lock_bdev / unlock_bdev (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: do not return existing mddevs from mddev_find_or_alloc
(git-fixes).
- md: refactor mddev_find_or_alloc (git-fixes).
- md: factor out a mddev_alloc_unit helper from mddev_find
(git-fixes).
- md: get sysfs entry after redundancy attr group create
(git-fixes).
- commit 293695f
- md: fix deadlock causing by sysfs_notify (git-fixes).
- Refresh patches.kabi/md-backport-kabi.patch.
- commit f6c5a12
- md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).
- md: add new workqueue for delete rdev (git-fixes).
- commit 17e8908
- blacklist.conf: update for non-backport commits
- commit 8da9f2d
- usb-storage: fix deadlock when a scsi command timeouts more
than once (git-fixes).
- commit cf05cec
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
(git-fixes).
- commit 762e0de
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- Refresh
patches.suse/USB-serial-option-add-Quectel-EC200A-module-support.patch.
- commit b94685a
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- commit 55c3b8d
- blacklist.conf: cleanup
- commit 8877293
- blacklist.conf: pure cleanup
- commit e8a295a
- usb: typec: tcpm: Fix altmode re-registration causes sysfs
create fail (git-fixes).
- commit fc9ee7b
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive
(bsc#1214764).
- commit 66a91f5
- Update patches.kabi/NFSv4-Fix-OPEN-CLOSE-race-FIX.patch
(bsc#1176950, bsc#1217525).
- Refresh
patches.kabi/NFSv4-Wait-for-stateid-updates-after-CLOSE-OPEN_DOWN_kabi.patch.
- commit 70e60bf
- netfilter: conntrack: dccp: copy entire header to stack buffer,
not just basic one (CVE-2023-39197 bsc#1216976).
- commit 91c26b6
- kernel-binary: suse-module-tools is also required when installed
Requires(pre) adds dependency for the specific sciptlet.
However, suse-module-tools also ships modprobe.d files which may be
needed at posttrans time or any time the kernel is on the system for
generating ramdisk. Add plain Requires as well.
- commit 8c12816
- Revert "tracing: Fix warning in trace_buffered_event_disable()"
(bsc#1217036)
Temporarily revert the commit. It exposed a separate issue related to
trace buffered event synchronization which needs to be fixed first.
- commit 579dd1d
- README.SUSE: fix patches.addon use
It's series, not series.conf in there.
And make it more precise on when the patches are applied.
- commit cb8969c
- Do not store build host name in initrd
Without this patch, kernel-obs-build stored the build host name
in its .build.initrd.kvm
This patch allows for reproducible builds of kernel-obs-build and thus
avoids re-publishing the kernel-obs-build.rpm when nothing changed.
Note that this has no influence on the /etc/hosts file
that is used during other OBS builds.
https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e
- cpu/hotplug: Create SMT sysfs interface for all arches
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- Refresh patches.suse/cpu-SMT-Move-SMT-prototypes-into-cpu_smt.h.patch.
- Refresh patches.suse/cpu-SMT-Store-the-current-max-number-of-threads.patch.
- Refresh patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- Refresh patches.suse/x86-power-Fix-nosmt-vs-hibernation-triple-fault-duri.patch.
- commit f37a0c7
- Update config files.
- commit dbf7641
- s390/cio: unregister device when the only path is gone
(git-fixes bsc#1217607).
- commit 750467a
- s390/dasd: use correct number of retries for ERP requests
(git-fixes bsc#1217604).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
bsc#1217603).
- commit d2fc41b
- cpu/SMT: Remove topology_smt_supported() (bsc#1214408).
- commit 3012e9b
- cpu/SMT: Store the current/max number of threads (bsc#1214408).
- Refresh
patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch.
- commit bfa1761
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).
- commit acb1c39
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).
- Refresh
patches.kabi/cpu-hotplug-Fix-SMT-disabled-by-BIOS-detection-for-K.patch.
- commit 76bedc5
- s390/dasd: protect device queue against concurrent access
(git-fixes bsc#1217519).
- commit dab3b0f
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
docker together (bsc#1216031).
- commit f260538
- Ensure ia32_emulation is always enabled for kernel-obs-build
If ia32_emulation is disabled by default, ensure it is enabled
back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
[ms: Always pass the parameter, no need to grep through the config which
may not be very reliable]
- commit 56a2c2f
- rpm: Define git commit as macro
- commit bcc92c8
- kernel-source: Move provides after sources
- commit dbbf742
- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
CVE-2023-45863).
- commit 9922921
- xfs: make sure maxlen is still congruent with prod when rounding
down (git-fixes).
- commit 0154927
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
(git-fixes).
- commit 6c99467
- l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).
- commit 0e54c67
- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file
overflow (git-fixes).
- commit 28faea4
- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit f386e74
- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
Implement KABI fix for above
- commit 5b65c0e
- perf/core: Fix __perf_read_group_add() locking (bsc#1216584
CVE-2023-5717).
- perf/core: Fix locking for children siblings group read
(bsc#1216584 CVE-2023-5717).
- commit 8ccfe6e
- s390/crashdump: fix TOD programmable field size (git-fixes
bsc#1217206).
- commit 9780bde
- blacklist.conf: Add a not-suitable kprobes patch
- commit 0eb14eb
- ring-buffer: Avoid softlockup in ring_buffer_resize()
(git-fixes).
- commit d8d3409
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
(git-fixes).
- scsi: qla2xxx: Fix double free of dsd_list during driver load
(git-fixes).
- commit 9172a73
- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
Not supported by our compiler.
- commit eb32b5a
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
(LTC#203996 bsc#1217087).
- commit 3a41a21
- s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).
- commit b4ffc60
- s390/mm: add missing arch_set_page_dat() call to gmap
allocations (LTC#203996 bsc#1217087).
- commit 1b2cc83
- s390/mm: add missing arch_set_page_dat() call to
vmem_crst_alloc() (LTC#203996 bsc#1217087).
- commit 0dd665d
- s390/cmma: fix initial kernel address space page table walk
(LTC#203996 bsc#1217087).
- commit 1ad76c2
- igb: set max size RX buffer when store bad packet is enabled
(bsc#1216259 CVE-2023-45871).
- commit d675d77
- drm/qxl: fix UAF on handle creation (CVE-2023-39198
bsc#1216965).
- commit 9ba677b
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit b07c667
- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
to fix build on x86_32.
There was a fix submitted to upstream but it was not accepted:
https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37
- net-memcg: Fix scope of sockmem pressure indicators
(bsc#1216759).
- commit 508863b
- scripts/osc_wrapper: call osc init before build
Otherwise osc build doesn't build anything and complains instead:
Directory '...' is not a working copy.
Use "kernel-source" as package as it doesn't matter which we build. It's
only to make osc happy that we have a working copy. And all packages
link to kernel-source anyway.
- commit 2201b26
- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
bsc#1210778).
- commit 0f8804e
- USB: ene_usb6250: Allocate enough memory for full object
(bsc#1216051 CVE-2023-45862).
- commit 6d3e018
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
bsc#1216514).
- commit 64da298
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
- commit 5844864
- sched/fair: Don't balance task to its current running CPU
(git fixes (sched)).
- sched/core: Mitigate race
cpus_share_cache()/update_top_cache_domain() (git fixes
(sched)).
- sched: Reenable interrupts in do_sched_yield() (git fixes
(sched)).
- sched: correct SD_flags returned by tl->sd_flags() (git fixes
(sched)).
- sched: Avoid scale real weight down to zero (git fixes (sched)).
- sched/core: Fix migration to invalid CPU in
__set_cpus_allowed_ptr() (git fixes (sched)).
- sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
(git fixes (sched)).
- sched/rt: Minimize rq->lock contention in
do_sched_rt_period_timer() (git fixes (sched)).
- commit 913e5fc
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit b83449b
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9afb234
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit bb2fa98
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit d6a80de
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit ede2396
- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit 8fb5a69
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 1100fe5
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit c026b47
- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 0f74b6a
- blacklist.conf: Fix only in the event of a customer bug
- commit 17b0259
- blacklist.conf: Mostly cosmetic fix to a build warning
- commit 1af83e7
- blacklist.conf: Fix to experimental feature, fix only in the event of a customer bug
- commit 56273cd
- blacklist.conf: Complex dependencies missing that applies to an extreme corner case, fix only in the event of a customer bug
- commit d67ae17
- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9b299fd
- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit cd58927
- blacklist.conf: Guard against unlikely tuning value, fix only in the event of a customer bug
- commit 166c336
- blacklist.conf: Missing dependencies, fix only in the event of a customer bug
- commit cbebcfe
- blacklist.conf: Sparse warning fix
- commit b199522
- blacklist.conf: Cosmetic, debugging patch for unused config
- commit 22b7a31
- iommu/amd: Set iommu->int_enabled consistently when interrupts
are set up (bsc#1206010).
- commit d889c94
- iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
- Delete patches.kabi/kABI-Fix-kABI-for-struct-amd_iommu.patch.
- commit 2e08e52
- kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
(bsc#1206010).
- iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
(bsc#1206010).
- commit 422a4d8
- git_sort: horms/ipvs remotes switched from master to main branch
- commit 777aadb
- virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
(git-fixes).
- commit 595e0b1
- 9p: virtio: make sure 'offs' is initialized in zc_request
(git-fixes).
- commit 10bf215
- blacklist.conf: add "hwrng: virtio - Fix race on data_avail and actual data"
- commit c5a6489
- virtio_net: Fix error unwinding of XDP initialization
(git-fixes).
- commit 2d8db2e
- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 4eba973
- virtio: Protect vqs list access (git-fixes).
- commit 0445801
- crypto: virtio: Fix use-after-free in
virtio_crypto_skcipher_finalize_req() (git-fixes).
- commit 1c1619c
- vsock/virtio: add transport parameter to the
virtio_transport_reset_no_sock() (git-fixes).
- Refresh
patches.suse/vhost-vsock-accept-only-packets-with-the-right-dst_c.patch.
patches.suse/net-virtio_vsock-Enhance-connection-semantics.patch
- commit b2f8fd4
- virtio_balloon: fix deadlock on OOM (git-fixes).
- commit 55dd88a
- xen-netback: use default TX queue size for vifs (git-fixes).
- commit bcb62a2
- xen/x86: obtain full video frame buffer address for Dom0 also
under EFI (bsc#1215743).
- commit 04d5576
- scripts/CKC: report "partly" correctly from parents
Commit a2aefc584d8 introduced blacklist reporting. Unforturnately
it repurposed return code 1 from check_branch function to mean
"backlisted" instead of "partly", which was not adjusted in
check_parents function.
- commit 143d5b4
- scripts/CKC: do not report results for fictional branches
Unfortunately, only return values of 0-255 range are allowed, thus
pick some distinct one.
- commit 5a9b63a
- xen/x86: obtain upper 32 bits of video frame buffer address
for Dom0 (bsc#1215743).
- commit e0fb7ee
- s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
- commit 46941f7
- usb: typec: altmodes/displayport: fix pin_assignment_show
(git-fixes).
- commit d110fbf
- usb: typec: altmodes/displayport: Fix configure initial pin
assignment (git-fixes).
- commit 849955e
- net: usb: dm9601: fix uninitialized variable use in
dm9601_mdio_read (git-fixes).
- commit f96b2d4
- README: Add the .md extension to the filename (jsc#PED-5021)
The README document has been converted to Markdown. Add the .md
extension to its filename so it gets nicely formatted on the Github
mirror.
- commit 245860e
- README: Reflow text to 80-column width (jsc#PED-5021)
- commit 6b67443
- README: Convert the document to Markdown (jsc#PED-5021)
- commit bbaa1b1
- README: Adjust heading style (jsc#PED-5021)
* Underscore all headings as a preparation for Markdown conversion.
* Use title-style capitalization for the document name and
sentence-style capitalization for section headings, as recommended in
the current SUSE Documentation Style Guide.
* Strip the table of contents. The document is short and easy to
navigate just by scrolling through it.
- commit 6f0a5cf
- README: Generalize the document (jsc#PED-5021)
* Rename the document to "SUSE Kernel Repository".
* Add an Overview section which describes what the repository contains
and provides a short introductory paragraph how the kernel is built.
The latter is borrowed from doc/README.SUSE.
- commit d24911b
- README: Update the Related Information section (jsc#PED-5021)
Add a link to kernel.suse.com and the kernel page on the openSUSE wiki.
- commit ac14bcc
- README: Update the Embargoed Patches section (jsc#PED-5021)
* Improve wording and style: avoid use of the "e.g." and "i.e."
abbreviations, etc.
* Update the example branch names to SLE15-SP5.
* Remove the example how to merge the embargoed branch back because the
commands should be obvious to anyone dealing with embargoed branches.
- commit e9f83e5
- README: Update the Ignoring Kernel ABI Changes section (jsc#PED-5021)
* Improve the wording and style: rework use of ambiguous "we", avoid use
of the future tense when not necessary, etc.
* Update the text to reflect that symvers and symtypes are the reference
files. Remove any mention of symbol sets.
- commit 61dabdd
- README: Update the Kernel ABI Changes section (jsc#PED-5021)
* Add a short description about stable kABI to give readers more
context.
* Rework the main part of the section to reflect that the ABI reference
is stored in symvers and symtypes files, applies to SLE12 onwards.
* Adjust the update-symvers example to note that in order to update both
reference files, one has to pass to the script the default and devel
packages for a respective kernel.
* Drop the second update-symvers example which mentions use of --filter
because the option should not be generally very useful to most people.
* Update the note about who should update the kabi files to say that it
should be branch maintainers.
- commit 1d97539
- scripts/CKC: fixed iterating over an array + skip unrecognized options
- 182c5295bfe1 introduced option parsing which unfotunately broke
iterating over the terms since it changed the type of KBC_CHECK_TERMS
from a string (of space separated tokens) to a proper bash array
which requires a different method of iteration.
- With different version of the script flying around it's better to
skip unrecognized options so that they are not mistaken for terms to
search for, one can always force them after '--'.
- commit f0ca120
- README: Update the What Is The Kernel ABI? section (jsc#PED-5021)
* Remove long obsolete information about "kernel(...)" per-class RPM
dependencies and replace it with information about "ksym(...)"
per-symbol entries.
* Simplify structure of the text.
- commit 7a70ee0
- README: Update the Committing and Log Messages section (jsc#PED-5021)
Rework the section to reflect that RPM changelogs are nowadays produces
directly from a Git log.
- commit 2dcbfb9
- scripts/CKC: add -c (--color) and -C (--Color) options
- c turns on colored results unconditionally.
- C turns on colored results if and only if the STDOUT is connected to
the terminal which is useful when piping the output somewhere.
Neither option is the default.
Color mapping:
ok = green
missing = red
partly = yellow
blacklisted = magenta
Example:
./scripts/check-kernel-commit 559089e0a93d -c
- commit 34a9cf5
- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
xsa-441, cve-2023-34324).
- commit a9545c4
- README: Update the Config Option Changes section (jsc#PED-5021)
* Slightly improve wording in the section.
* Bump the example directory to SLE15-SP5 to match the previous update
to the Before you commit section.
- commit 5494c94
- README: Update the Before You Commit section (jsc#PED-5021)
* Prefix the example invocation of scripts/sequence-patch.sh with "./"
for consistency with the rest of the document.
* Update the example output from scripts/sequence-patch.sh to match the
regular invocation instead of the Rapidquilt case and bump the output
to SLE15-SP5.
* Drop the paragraph describing that a fix patch should be placed in
series.conf close to the patch which introduced the associated bug.
The current situation is that the patches should be sorted according
to the upstream order.
* Add a new paragraph describing use of scripts/sequence-patch.sh with
Rapidquilt.
* Fix typos, slightly improve wording and integrate some occurrences of
additional details in parentheses.
- commit 05796c7
- blacklist.conf: risky backport that doesn't fix any actual bug
- commit 3d04b1a
- s390/vdso: add missing FORCE to build targets (git-fixes
bsc#1216140).
- commit cd866ae
- blacklist.conf: does not really fix any bug
- commit cba9926
- blacklist.conf: changes exported symbol
- commit d468872
- README: Update the Patch Headers section (jsc#PED-5021)
* Fix typos, slightly improve some wording and avoid writing additional
details in parentheses.
* Remove ":" from the names of patch tags which appear in regular
sentences. The suffix is somewhat redundant and made README
inconsistent with doc/README.PATCH-POLICY.SUSE in this regard.
* Provide an updated example for the patch header format. The new
example is shorter and shows current typically-used references.
- commit 28312bc
- README: Update the Getting Started section (jsc#PED-5021)
* Drop a mention that Git > 1.5.x is needed. This version was released
in 2007 already.
* Capitalize names of Git, Quilt and RPM, where appropriate.
* Remove the use of the --quilt option from the sequence-patch.sh
example as it is the default.
* Replace patches.fixes/ with patches.suse/ since the latter is now the
common directory for fix patches.
* Fix some typos and avoid use of a serial comma.
- commit 8b03ad9
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- commit 3f2541c
- blacklist.conf: cleanup, not fix
- commit 23ed894
- audit: fix potential double free on error path from
fsnotify_add_inode_mark (git-fixes).
- commit 4086838
- blacklist.conf: irrelevant in our configs
- commit 60908b6
- tools/thermal: Fix possible path truncations (git-fixes).
- commit 012a1c3
- blacklist.conf: build only fix
- commit 9be29dc
- KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
- commit 1e42611
- blacklist.conf: the codebase changed too much to backport the patch
- commit 79518bf
- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
CVE-2023-39189).
- commit 1a88b87
- git_sort: Add ARM KVM repository
- commit 9df3d01
- mm, memcg: reconsider kmem.limit_in_bytes deprecation
(bsc#1208788 bsc#1213705).
- commit 2d13fe0
- memcg: drop kmem.limit_in_bytes (bsc#1208788)
This brings a breaking commit for easier backport, it'll be fixed
differently in a following commit.
- commit f87e772
- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 154e29d
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
(git-fixes).
- commit 86ad453
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
(git-fixes).
- commit 5c6ec60
- net: usb: smsc75xx: Fix uninit-value access in
__smsc75xx_read_reg (git-fixes).
- commit aaff955
- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
(jsc#PED-5021)
- commit c05cfc9
- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 5490bdd
- tracing: Fix race issue between cpu buffer write and swap
(git-fixes).
- commit cd23ed9
- blacklist.conf: Add a not-needed ftrace cleanup
- commit 8f29597
- tracing: Fix memleak due to race between current_tracer and
trace (git-fixes).
- commit 39d6a56
- tracing: Fix cpu buffers unavailable due to 'record_disabled'
missed (git-fixes).
- commit 6f0b300
- scripts/CKC: speedup the script by caching grep patches results
- searching patches seems to be the most expensive operation
- it's done repeatedly for the same arguments (term, branch)
- store results in an associative array and look them up later
$ time ./scripts/check-kernel-commit 1240eb93f0616b21c675416516ff3d74798fdc97
...
Before
real 0m25.595s
user 2m14.772s
sys 0m10.509s
After
real 0m18.022s
user 1m31.260s
sys 0m7.380s
- commit d9efd35
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860).
- commit bb891c5
- scripts/CKC: implement option parsing and -g <pattern> or --grep <pattern>
- option parsing can be easily extended in the future
- "-g <pattern>" skips top-level branches not matching the pattern
examples:
CKC -g 'LTSS$' 544f1d62e3e6
CKC 544f1d62e3e6 -g 5-SP4
CKC -g 'stable|ALP' 544f1d62e3e6
- update help message
- add -h or --help option for consistency
- reading config file remains as it is for backwards compatibility
- commit 182c529
- s390/zcrypt: fix reply buffer calculations for CCA replies
(LTC#203322 bsc#1213950).
- commit 877301e
- s390/zcrypt: change reply buffer size offering (LTC#203322
bsc#1213950).
- commit e230ae5
- scsi: zfcp: Defer fc_rport blocking until after ADISC response
(LTC#203327 bsc#1213977 git-fixes).
- commit 1163975
- s390: add z16 elf platform (LTC#203790 bsc#1215954).
- commit 2f5d3f2
- CKC: Clarify usage
- commit 5ea48e1
- net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194
bsc#1215861).
- commit 30ab691
- netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193
bsc#1215860).
- commit bc6f173
- netfilter: xt_u32: validate user space input (CVE-2023-39192
bsc#1215858).
- commit a35eb65
- ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754
bsc#1215467).
- commit 3bbdd91
- scripts/git-fixes: treat optional first argument as a base-ref
By default, git-fixes script checks commits for fixes based on the
upstream branch, but this does not work very well for two reasons.
1/ There might not be an upstream branch at all.
2/ It's out of sync with what actually needs to be checked.
- use optional first argument as a base-ref instead of upstream branch
- improve error message in case of missing upstream branch
- delete unused "branch" variable from the script
- show number of commits checked in case of PASS (should raise flags
in case of zero commits or some other strange number)
- commit 9e365d0
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes
bsc#1215898).
- commit fe1e883
- KVM: s390: vsie: Fix the initialization of the epoch extension
(epdx) field (git-fixes bsc#1215897).
- commit 8cf6ae4
- doc/README.PATCH-POLICY.SUSE: Remove the list of links (jsc#PED-5021)
All links have been incorporated into the text. Remove now unnecessary
list at the end of the document.
- commit 43d62b1
- doc/README.SUSE: Adjust heading style (jsc#PED-5021)
* Underscore all headings as a preparation for Markdown conversion.
* Use title-style capitalization for the document name and
sentence-style capitalization for section headings, as recommended in
the current SUSE Documentation Style Guide.
- commit 11e3267
- tcp: Reduce chance of collisions in inet6_hashfn()
(CVE-2023-1206 bsc#1212703).
- commit a16b5ec
- blacklist.conf: workqueue: compiler warning on 32-bit systems with
Clang (bsc#1215877)
- commit cdf35f4
- blacklist.conf: printk: cosmetic problem
- commit ba43537
- tracing: Reverse the order of trace_types_lock and event_mutex
(git-fixes bsc#1215634).
- blacklist.conf: Remove the patch
- commit f4d2e9c
- blk-mq: Rerun dispatching in the case of budget contention
(bsc#1214586).
- commit 8383227
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1214586).
- commit 85f0c35
- blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason
to kick (bsc#1214586).
- commit c307c4a
- drm/client: Fix memory leak in drm_client_target_cloned (bsc#1152446)
Backporting changes:
* move changes to drm_fb_helper.c
* context changes
- commit 2728def
- drm/client: Send hotplug event after registering a client (bsc#1152446)
Backporting changes:
* send hotplug event from drm_client_add()
* remove drm_dbg_kms()
- commit 6137335
- drm/ast: Fix DRAM init on AST2200 (bsc#1152446)
- commit e2e4c86
- NFS/pNFS: Report EINVAL errors from connect() to the server
(git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
(git-fixes).
- commit fd7ddac
- doc/README.PATCH-POLICY.SUSE: Reflow text to 80-column width
(jsc#PED-5021)
- commit be0158c
- doc/README.PATCH-POLICY.SUSE: Update information about the tools
(jsc#PED-5021)
* Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
* Limit the range of commits in the exportpatch example to prevent it
from running for too long.
* Incorporate URLs directly into the text.
* Fix typos and improve some wording, in particular avoid use of "there
is/are" and prefer the present tense over the future one.
- commit c0bea0c
- doc/README.PATCH-POLICY.SUSE: Update information about the patch
format (jsc#PED-5021)
* Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
* Remove references to links to the patchtools and kernel source. They
are incorporated in other parts of the text.
* Use sentence-style capitalization for section headings, as recommended
in the current SUSE Documentation Style Guide.
* Fix typos and some wording, in particular avoid use of "there is/are".
- commit ce98345
- doc/README.PATCH-POLICY.SUSE: Update the summary and background
(jsc#PED-5021)
* Drop information about patches being split into directories per
a subsystem because that is no longer the case.
* Remove the mention that the expanded tree is present since SLE11-SP2
as that is now only a historical detail.
* Incorporate URLs and additional information in parenthenses directly
into the text.
* Fix typos and improve some wording.
- commit 640988f
- blacklist.conf: cleanup, not fix
- commit 4145d1c
- blacklist.conf: kABI
- commit a0aa389
- blacklist.conf: kABI
- commit 8946486
- net/mlx5: Fix size field in bufferx_reg struct (git-fixes).
- commit fb53d8d
- blacklist.conf: cleanup, not a fix
- commit 17d3852
- blacklist.conf: irrelevant architectures
- commit 5686dcf
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921
bsc#1215275).
- commit f1f032e
- kernel-binary: Move build-time definitions together
Move source list and build architecture to buildrequires to aid in
future reorganization of the spec template.
- commit 30e2cef
- USB: serial: option: add FOXCONN T99W368/T99W373 product
(git-fixes).
- commit 80d3da2
- USB: serial: option: add Quectel EM05G variant (0x030e)
(git-fixes).
- commit a512bd6
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- commit 1b30310
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- commit 0635685
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- commit 73ce555
- x86/srso: Don't probe microcode in a guest (git-fixes).
- commit 3113dcd
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- commit 353140c
- net: tap: NULL pointer derefence in dev_parse_header_protocol
when skb->dev is null (git-fixes).
- commit 58c21c4
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit faf87ea
- net: ensure mac header is set in virtio_net_hdr_to_skb()
(git-fixes).
- commit 6a7c880
- remoteproc: Add missing '\n' in log messages (git-fixes).
- commit 0453dca
- virtio-net: set queues after driver_ok (git-fixes).
- commit d013d91
- virtio-net: fix race between set queues and probe (git-fixes).
- commit 667d4fc
- virtio_net: suppress cpu stall when free_unused_bufs
(git-fixes).
- commit da2e2b7
- virtio-net: execute xdp_do_flush() before napi_complete_done()
(git-fixes).
- commit 5d3f424
- tools/virtio: fix the vringh test for virtio ring changes
(git-fixes).
- commit 66910c1
- vhost/net: Clear the pending messages when the backend is
removed (git-fixes).
- commit 9b65419
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- commit 85fb064
- vhost: fix range used in translate_desc() (git-fixes).
- commit a845792
- vhost/vsock: Fix error handling in vhost_vsock_init()
(git-fixes).
- commit d808ad4
- virtio_net: fix memory leak inside XPD_TX with mergeable
(git-fixes).
- commit 0582e50
- virtio-gpu: fix a missing check to avoid NULL dereference
(git-fixes).
- commit f24aded
- virtio-net: fix the race between refill work and close
(git-fixes).
- commit fad1dae
- virtio_mmio: Restore guest page size on resume (git-fixes).
- commit d1884a1
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- commit 72af40d
- virtio-net: fix race between ndo_open() and
virtio_device_ready() (git-fixes).
- commit 1d4eaa6
- vringh: Fix loop descriptors check in the indirect cases
(git-fixes).
- commit aa0f829
- virtio-rng: make device ready before making request (git-fixes).
- commit 9bd916a
- drm/virtio: fix NULL pointer dereference in
virtio_gpu_conn_get_modes (git-fixes).
- commit ab80da2
- vsock/virtio: enable VQs early on probe (git-fixes).
- commit eedc07b
- virtio: acknowledge all features before access (git-fixes).
- commit 3d0d2a3
- blacklist.conf: add "virtio: unexport virtio_finalize_features"
- commit 0ef3496
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- commit dab0c56
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
(git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of
smp_processor_id() (git-fixes).
- commit 42813d6
- virtio_pci: Support surprise removal of virtio pci device
(git-fixes).
- commit 8906f5b
- fuse: nlookup missing decrement in fuse_direntplus_link
(bsc#1215607).
- commit cca74d3
- series: refresh meta data on qla2xxx patches
Refresh:
- patches.suse/Revert-scsi-qla2xxx-Fix-buffer-overrun.patch
- patches.suse/scsi-qla2xxx-Add-logs-for-SFP-temperature-monitoring.patch
- patches.suse/scsi-qla2xxx-Allow-32-byte-CDBs.patch
- patches.suse/scsi-qla2xxx-Error-code-did-not-return-to-upper-laye.patch
- patches.suse/scsi-qla2xxx-Fix-firmware-resource-tracking.patch
- patches.suse/scsi-qla2xxx-Fix-smatch-warn-for-qla_init_iocb_limit.patch
- patches.suse/scsi-qla2xxx-Flush-mailbox-commands-on-chip-reset-6d0b6556.patch
- patches.suse/scsi-qla2xxx-Move-resource-to-allow-code-reuse.patch
- patches.suse/scsi-qla2xxx-Remove-unsupported-ql2xenabledif-option.patch
- patches.suse/scsi-qla2xxx-Remove-unused-variables-in-qla24xx_buil.patch
- patches.suse/scsi-qla2xxx-Update-version-to-10.02.09.100-k.patch
- commit 97d82a0
- vsock/virtio: avoid potential deadlock when vsock device remove
(git-fixes).
- commit bb25376
- VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST (git-fixes).
- commit 58985d9
- vsock/virtio: free queued packets when closing socket
(git-fixes).
- commit 364c76d
- vhost: Fix vhost_vq_reset() (git-fixes).
- commit 11c5c4d
- Update
patches.suse/ipv6-raw-Deduct-extension-header-length-in-rawv6_pus.patch
(bsc#1207168 CVE-2023-0394).
(empty commit to synthesize changelog reference)
- commit 5add4b1
- net: check if protocol extracted by virtio_net_hdr_set_proto
is correct (git-fixes).
- commit 2e28a62
- vsock/virtio: update credit only if socket is not closed
(git-fixes).
- commit 4db2ffd
- vhost_net: fix ubuf refcount incorrectly when sendmsg fails
(git-fixes).
- commit 1c25f6d
- vhost: Use vhost_get_used_size() in vhost_vring_set_addr()
(git-fixes).
- commit fc31d1b
- vhost: introduce helpers to get the size of metadata area
(git-fixes).
- Refresh
patches.kabi/kabi-mask-changes-to-vhost_dev_init-and-struct-vhost.patch.
- Refresh
patches.suse/vhost-Don-t-call-access_ok-when-using-IOTLB.patch.
- commit dff33f7
- virtio_ring: Avoid loop when vq is broken in virtqueue_poll
(git-fixes).
- commit 74b72cd
- vhost: missing __user tags (git-fixes).
- commit f5a5b81
- remoteproc: Fix NULL pointer dereference in rproc_virtio_notify
(git-fixes).
- commit 9a37a06
- virtio_balloon: prevent pfn array overflow (git-fixes).
- commit 55ea675
- vhost/test: stop device before reset (git-fixes).
- commit 5483efb
- net: virtio_vsock: Enhance connection semantics (git-fixes).
- commit 9ad5623
- net: do not allow gso_size to be set to GSO_BY_FRAGS
(git-fixes).
- commit 78c9d7f
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- commit 689eec4
- virtio_net: separate the logic of checking whether sq is full
(git-fixes).
- commit 61503de
- virtio_net: reorder some funcs (git-fixes).
- commit f621ba2
- idr: fix param name in idr_alloc_cyclic() doc (bsc#1109837).
- commit 2f8b856
- virtio_net: Fix probe failed when modprobe virtio_net
(git-fixes).
- commit 3abdcae
- 9p/trans_virtio: Remove sysfs file on probe failure (git-fixes).
- commit 68a725b
- virtio_net: Remove BUG() to avoid machine dead (git-fixes).
- commit 55a074c
- vhost: Don't call access_ok() when using IOTLB (git-fixes).
- commit 25ceff0
- virtio_pci_modern: Fix the comment of
virtio_pci_find_capability() (git-fixes).
- commit cb1942b
- vhost: vsock: kick send_pkt worker once device is started
(git-fixes).
- commit a9baee2
- xen: remove a confusing comment on auto-translated guest I/O
(git-fixes).
- commit 8b1470e
- kernel-binary: python3 is needed for build
At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
Other simimlar scripts may exist.
- commit c882efa
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 2dc199b
- blacklist.conf: ("mm: defer kmemleak object creation of module_alloc()")
- commit bd408b1
- blacklist.conf: ("arm64/fpsimd: Only provide the length to cpufeature for xCR registers")
- commit fa8f4a7
- blacklist.conf: ("arm64: Add missing Set/Way CMO encodings")
- commit 1c6e245
- arm64: insn: Fix ldadd instruction encoding (git-fixes)
- commit 8cc18ed
- firmware: raspberrypi: fix possible memory leak in
rpi_firmware_probe() (git-fixes).
- commit c078a04
- firmware: raspberrypi: Keep count of all consumers (git-fixes).
- Refresh
patches.suse/firmware-raspberrypi-Introduce-devm_rpi_firmware_get.patch.
- commit 12c2932
- af_unix: Fix null-ptr-deref in unix_stream_sendpage()
(CVE-2023-4622 bsc#1215117).
- commit c96e367
- net/sched: sch_hfsc: Ensure inner classes have fsc curve
(CVE-2023-4623 bsc#1215115).
- commit 522fe97
- cec-api: prevent leaking memory through hole in structure
(CVE-2020-36766 bsc#1215299).
- commit 95fe4aa
- doc/README.SUSE: Reflow text to 80-column width (jsc#PED-5021)
- commit e8f2c67
- doc/README.SUSE: Minor content clean up (jsc#PED-5021)
* Mark the user's build directory as a variable, not a command:
'make -C $(your_build_dir)' -> 'make -C $YOUR_BUILD_DIR'.
* Unify how to get the current directory: 'M=$(pwd)' -> 'M=$PWD'.
* 'GIT' / 'git' -> 'Git'.
- commit 1cb4ec8
- patches.suse/ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch:
Fix compiler warning due to unused 'sbi' variable
- commit f8d160b
- doc/README.SUSE: Update information about module paths
(jsc#PED-5021)
* Use version variables to describe names of the
/lib/modules/$VERSION-$RELEASE-$FLAVOR/... directories
instead of using specific example versions which get outdated quickly.
* Note: Keep the /lib/modules/ prefix instead of using the new
/usr/lib/modules/ location for now. The updated README is expected to
be incorporated to various branches that are not yet usrmerged.
- commit 7eba2f0
- doc/README.SUSE: Update information about custom patches
(jsc#PED-5021)
* Replace mention of various patches.* directories with only
patches.suse as the typical location for patches.
* Replace i386 with x86_64 in the example how to define a config addon.
* Fix some typos and wording.
- commit 2997d22
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (bsc#1154048)
- commit 1fa2e82
- fbdev: imxfb: warn about invalid left/right margin (bsc#1154048)
- commit 31becd0
- fbdev: omapfb: lcd_mipid: Fix an error handling path in (bsc#1154048)
Backporting changes:
* Refresh patch
- commit f0bd08e
- fbcon: Fix null-ptr-deref in soft_cursor (bsc#1154048)
Backporting changes:
* Move code from video/fbdev/core to video/consol
* Refresh patch
- commit a573af9
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (bsc#1154048)
- commit eb11fbc
- blacklist.conf: Append 'fbdev/ep93xx-fb: Do not assign to struct fb_info.dev'
- commit 7445a36
- blacklist.conf: Append 'backlight/lv5207lp: Compare against struct fb_info.device'
- commit deff103
- blacklist.conf: Append 'backlight/gpio_backlight: Compare against struct fb_info.device'
- commit 5ee6636
- blacklist.conf: Append 'backlight/bd6107: Compare against struct fb_info.device'
- commit 639511f
- blacklist.conf: Append 'fbdev: mmp: fix value check in mmphw_probe()'
- commit 170d70b
- blacklist.conf: Append 'fbdev: stifb: Fix info entry in sti_struct on error path'
- commit 1d87a9e
- blacklist.conf: Append 'fbdev: imsttfb: Release framebuffer and dealloc cmap on error path'
- commit 7e72c90
- blacklist.conf: Append 'fbdev: imsttfb: Fix use after free bug in imsttfb_probe'
- commit 702daba
- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
- commit c9c8dac
- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
to race condition (bsc#1215206, CVE-2023-1859).
- commit 4fa7183
- Add a new helper script to drop the number prefix from patch files
strip-number-prefix is a small helper script you can run against patch
files with the number prefix like "0001-foo.patch" to get rid of the
prefix "0001-". There are a few options, e.g. to add the SHA1 ID
suffix automatically for conflicting patch file names, too.
- commit 2f6cda6
- netfilter: nftables: exthdr: fix 4-byte stack OOB write
(CVE-2023-4881 bsc#1215221).
- commit b9ba6b9
- doc/README.SUSE: Update information about config files
(jsc#PED-5021)
* Use version variables to describe a name of the /boot/config-... file
instead of using specific example versions which get outdated quickly.
* Replace removed silentoldconfig with oldconfig.
* Mention that oldconfig can automatically pick a base config from
"/boot/config-$(uname -r)".
* Avoid writing additional details in parentheses, incorporate them
instead properly in the text.
- commit cba5807
- scripts/CKC: Fix some typos
- commit 19e464e
- scripts/check-kernel-commit: Report blacklisted terms
The blacklist hides the commit for tools reporting candidates
for backporting. It might hide commits which might get important
later.
Anyway, the fact that they are blacklisted is interesting and
it would be nice when check-kernel-commit report them.
- commit a2aefc5
- doc/README.SUSE: Update the patch selection section
(jsc#PED-5021)
* Make the steps how to obtain expanded kernel source more generic in
regards to version numbers.
* Use '#' instead of '$' as the command line indicator to signal that
the steps need to be run as root.
* Update the format of linux-$SRCVERSION.tar.bz2 to xz.
* Improve some wording.
- commit e14852c
- doc/README.SUSE: Update information about (un)supported modules
(jsc#PED-5021)
* Update the list of taint flags. Convert it to a table that matches the
upstream documentation format and describe specifically flags that are
related to module support status.
* Fix some typos and wording.
- commit e46f0df
- doc/README.SUSE: Bring information about compiling up to date
(jsc#PED-5021)
* When building the kernel, don't mention to initially change the
current directory to /usr/src/linux because later description
discourages it and specifies to use 'make -C /usr/src/linux'.
* Avoid writing additional details in parentheses, incorporate them
instead properly in the text.
* Fix the obsolete name of /etc/modprobe.d/unsupported-modules ->
/etc/modprobe.d/10-unsupported-modules.conf.
* Drop a note that a newly built kernel should be added to the boot
manager because that normally happens automatically when running
'make install'.
* Update a link to the Kernel Module Packages Manual.
* When preparing a build for external modules, mention use of the
upstream recommended 'make modules_prepare' instead of a pair of
'make prepare' + 'make scripts'.
* Fix some typos+grammar.
- commit b9b7e79
- firmware: raspberrypi: Introduce devm_rpi_firmware_get()
(git-fixes).
- commit b0c6851
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
(git-fixes).
- commit 2f7bf75
- Input: psmouse - fix OOB access in Elantech protocol
(git-fixes).
- commit c22661c
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
(git-fixes).
- Input: xpad - add constants for GIP interface numbers
(git-fixes).
- commit f16c0ae
- blacklist.conf: kABI
- commit ff64baf
- doc/README.SUSE: Bring the overview section up to date
(jsc#PED-5021)
* Update information in the overview section that was no longer
accurate.
* Improve wording and fix some typos+grammar.
- commit 798c075
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
(git-fixes).
- commit 94ae184
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- commit 08d3143
- media: mceusb: return without resubmitting URB in case of
- EPROTO error (git-fixes).
- commit c8383de
- media: flexcop-usb: fix NULL-ptr deref in
flexcop_usb_transfer_init() (git-fixes).
- Refresh
patches.suse/0001-media-flexcop-usb-fix-endpoint-sanity-check.patch.
- commit bad0523
- media: cec: copy sequence field for the reply (git-fixes).
- commit 8765e23
- media: s5p_cec: decrement usage count if disabled (git-fixes).
- commit b1a4e64
- media: cec-notifier: clear cec_adap in cec_notifier_unregister
(git-fixes).
- commit ac5e011
- blacklist.conf: false positive
- commit 6890750
- media: cec: integrate cec_validate_phys_addr() in cec-api.c
(git-fixes).
- commit c1bf95d
- media: cec: make cec_get_edid_spa_location() an inline function
(git-fixes).
- commit 8148e38
- doc/README.SUSE: Update the references list (jsc#PED-5021)
* Remove the reference to Linux Documentation Project. It has been
inactive for years and mostly contains old manuals that aren't
relevant for contemporary systems and hardware.
* Update the name and link to LWN.net. The original name "Linux Weekly
News" has been deemphasized over time by its authors.
* Update the link to Kernel newbies website.
* Update the reference to The Linux Kernel Module Programming Guide. The
document has not been updated for over a decade but it looks its
content is still relevant for today.
* Point Kernel Module Packages Manual to the current version.
* Add a reference to SUSE SolidDriver Program.
- commit 0edac75
- doc/README.SUSE: Update title information (jsc#PED-5021)
* Drop the mention of kernel versions from the readme title.
* Remove information about the original authors of the document. Rely as
in case of other readmes on Git metadata to get information about all
contributions.
* Strip the table of contents. The document is short and easy to
navigate just by scrolling through it.
- commit 06f5139
- doc/README.SUSE: Update information about DUD (jsc#PED-5021)
Remove a dead link to description of Device Update Disks found
previously on novell.com. Replace it with a short section summarizing
what DUD is and reference the mkdud + mksusecd tools and their
documentation for more information.
- commit 7eeba4e
- Delete patches.suse/genksyms-add-override-flag.diff.
The override flag is no longer used in kernel-binary.
- commit 3815406
- git_sort: Add tpmdd repository.
- commit a4a15c9
- s390/dasd: fix hanging device after request requeue (LTC#203632
bsc#1215121).
- commit 313a92d
- jbd2: restore t_checkpoint_io_list to maintain kABI
(bsc#1214946).
- commit 9146c38
- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
Genksyms has functionality to specify an override for each type in
a symtypes reference file. This override is then used instead of an
actual type and allows to preserve modversions (CRCs) of symbols that
reference the type. It is kind of an alternative to doing kABI fix-ups
with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
genksyms --preserve option which primarily tells the tool to strictly
verify modversions against a given reference file or fail.
Downstream patch patches.suse/genksyms-add-override-flag.diff which is
present in various kernel-source branches separates the override logic.
It allows it to be enabled with a new --override flag and used without
specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
file is then a way how the build is told that --override should be
passed to all invocations of genksyms. This was needed for SUSE kernels
because their build doesn't use --preserve but instead resulting CRCs
are later checked by scripts/kabi.pl.
However, this override functionality was not utilized much in practice
and the only use currently to be found is in SLE11-SP1-LTSS. It means
that no one should miss this option and KBUILD_OVERRIDE=1 together with
patches.suse/genksyms-add-override-flag.diff can be removed.
Notes for maintainers merging this commit to their branches:
* Downstream patch patches.suse/genksyms-add-override-flag.diff can be
dropped after merging this commit.
* Branch SLE11-SP1-LTSS uses the mentioned override functionality and
this commit should not be merged to it, or needs to be reverted
afterwards.
- commit 4aa02b8
- Update
patches.suse/s390-dasd-fix-hanging-device-after-quiesce-resume.patch
(git-fixes bsc#1214157 bsc#1215122).
- commit 07aca49
- README: Update info about the References tag (jsc#PED-5021).
* Update that JIRA issue IDs should specify an Implementation task and
no longer its Epic.
* Use https:// for the link to the openSUSE abbreviation list.
- commit 0ba0c76
- blacklist.conf: Blacklist b98dba273a
- commit b92c4bc
- jbd2: simplify journal_clean_one_cp_list() (bsc#1215207).
- commit 6f4c470
- usb: typec: altmodes/displayport: Fix pin assignment calculation
(git-fixes).
- commit 4d0c2c0
- usb: typec: altmodes/displayport: Add pin assignment helper
(git-fixes).
- commit 9232606
- blacklist.conf: Blasklist e5cfefa97bccf
- commit 570bb0a
- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
- commit 79b42a6
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
(bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion
(bsc#1065729).
- word-at-a-time: use the same return type for has_zero regardless
of endianness (bsc#1065729).
- powerpc/64s/exception: machine check use correct cfar for late
handler (bsc#1065729).
- commit 024bdb8
- blacklist.conf: Add eac030b22ea1 ("powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT")
- commit 7c10484
- Drivers: hv: vmbus: Don't dereference ACPI root object handle (git-fixes).
- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- commit 1c1b9d9
- udf: Fix uninitialized array access for some pathnames
(bsc#1214967).
- commit c4327d4
- udf: Fix off-by-one error when discarding preallocation
(bsc#1214966).
- commit e960575
- udf: Fix file corruption when appending just after end of
preallocated extent (bsc#1214965).
- commit 9b4bb47
- udf: Fix extension of the last extent in the file (bsc#1214964).
- commit a800323
- quota: fix warning in dqgrab() (bsc#1214962).
- commit 1c703c8
- quota: Properly disable quotas when add_dquot_ref() fails
(bsc#1214961).
- commit a0acebf
- fs: avoid softlockups in s_inodes iterators (bsc#1215165).
- commit 64a5ec2
- direct-io: allow direct writes to empty inodes (bsc#1215164).
- commit 7c4d7c8
- blacklist.conf: Blacklist 69562eb0bd3e
- commit f13139d
- blacklist.conf: Blacklist 2112f5c1330a
- commit 7d5e43d
- jbd2: remove unused function '__cp_buffer_busy' (bsc#1215162).
- commit 20ed76a
- jbd2: check 'jh->b_transaction' before removing it from
checkpoint (bsc#1214953).
- commit d390fb5
- jbd2: fix checkpoint cleanup performance regression
(bsc#1214952).
- commit eebe7e1
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- commit 2a5ddb1
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- commit 83511a0
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- commit d58daa9
- ext4: correct inline offset when handling xattrs in inode body
(bsc#1214950).
- commit 032825e
- jbd2: Fix wrongly judgement for buffer head removing while
doing checkpoint (bsc#1214948).
- commit 9167319
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- commit bc0cd9a
- ext4: set goal start correctly in ext4_mb_normalize_request
(bsc#1214940).
- commit 8cc1d3d
- s390/zcrypt: don't leak memory if dev_set_name() fails
(git-fixes bsc#1215152).
- commit 6bbbd1c
- scsi: zfcp: reduce flood of fcrscn1 trace records on
multi-element RSCN (git-fixes bsc#1215149).
- commit a1a3484
- patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch:
(bsc#1215136).
- commit edf562a
- scripts/log2: Add support for patch renaming
Add the check of renamed patches and properly log the changes.
They have been ignored until now, and one had to write manually.
- commit e36bcf3
- blacklist.conf: kABI
- commit 57cf107
- blacklist.conf: cleanup, not fix
- commit 61144f9
- blacklist.conf: irrelevant in our configs
- commit e17de4e
- blacklist.conf: kABI
- commit e7ae590
- crmsh
-
- Update to version 4.1.1+git.1698634014.97c7bf37:
* Fix: utils: Call stdout2list correctly (bsc#1216597)
- yast2-auth-client
-
- Skip whitespace-only lines parsing krb5.conf; (bsc#1215297);
- Remove duplicated when clause (dead code) in
src/lib/authui/ldapkrb/main_dialog.rb
- 3.3.21
- python-urllib3
-
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
gh#urllib3/urllib3@4e98d57809da
- Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804)
gh#urllib3/urllib3#3139
* Added the Cookie header to the list of headers to strip from
requests when redirecting to a different host. As before,
different headers can be set via Retry.remove_headers_on_redirect.
- samba
-
- CVE-2023-4091: samba: Client can truncate file with read-only
permissions; (bsc#1215904); (bso#15439).
- libssh2_org
-
- Security fix: [bsc#1218127, CVE-2023-48795]
* Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
* Add libssh2_org-CVE-2023-48795.patch
- Upgrade to version 1.11.0 in SLE-12-SP5: [jsc#PED-5726]
* Add the keyring file: libssh2_org.keyring
* Rebase libssh2-ocloexec.patch
* Remove patches:
- 0001-Add-support-for-HMAC-SHA-256-and-HMAC-SHA-512.patch
- 0001-kex-Added-diffie-hellman-group-exchange-sha256-suppo.patch
- CVE-2015-1782.patch
- CVE-2016-0787.patch
- bsc974691.patch
- libssh2-configure_detect_aes_ctr.patch
- libssh2_org-CVE-2019-3855.patch
- libssh2_org-CVE-2019-3856.patch
- libssh2_org-CVE-2019-3857.patch
- libssh2_org-CVE-2019-3858.patch
- libssh2_org-CVE-2019-3859.patch
- libssh2_org-CVE-2019-3859-fix.patch
- libssh2_org-CVE-2019-3860.patch
- libssh2_org-CVE-2019-3860-fix.patch
- libssh2_org-CVE-2019-3861.patch
- libssh2_org-CVE-2019-3862.patch
- libssh2_org-CVE-2019-3863.patch
- libssh2_org-knownhosts-handle-unknown-key-types.patch
- libssh2_org-CVE-2020-22218.patch
- nghttp2
-
- security update
- added patches
fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
+ nghttp2-CVE-2023-44487.patch
- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
sent, and nghttp2_on_stream_close_callback fails with a fatal error.
[CVE-2023-35945 bsc#1215713]
+ nghttp2-CVE-2023-35945.patch
- ncurses
-
- Add patch bsc1218014-cve-2023-50495.patch
* Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
(bsc#1218014)
- libvpx
-
- Fixing CVE-2023-5217 heap buffer overflow (boo#1215778)
added CVE-2023-5217.patch
- python
-
- (bsc#1214691, CVE-2022-48566) Add
CVE-2022-48566-compare_digest-more-constant.patch to make
compare_digest more constant-time.
- Allow nis.so for SLE-12.
- (bsc#1214685, CVE-2022-48565) Add
CVE-2022-48565-plistlib-XML-vulns.patch (from
gh#python/cpython#86217) reject XML entity declarations in
plist files.
- Remove BOTH CVE-2023-27043-email-parsing-errors.patch and
Revert-gh105127-left-tests.patch (as per discussion on
bsc#1210638).
- grub2
-
- Fix CVE-2023-4692 (bsc#1215935)
- Fix CVE-2023-4693 (bsc#1215936)
* 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
* 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
* 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
* 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
* 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
* 0006-fs-ntfs-Make-code-more-readable.patch
- Bump upstream SBAT generation to 4
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
(bsc#1215382)
- openssl-1_0_0
-
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- vim
-
- Updated to version 9.0 with patch level 2103, fixes the following security problems
* Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
* Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
* Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
* Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103
- Updated to version 9.0 with patch level 1894, fixes the following security problems
* Fixing bsc#1214922 (CVE-2023-4738) - VUL-0: CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both
* Fixing bsc#1214924 (CVE-2023-4735) - VUL-0: CVE-2023-4735: vim: OOB Write ops.c
* Fixing bsc#1214925 (CVE-2023-4734) - VUL-0: CVE-2023-4734: vim: segmentation fault in function f_fullcommand
* Fixing bsc#1215004 (CVE-2023-4733) - VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos
* Fixing bsc#1215006 (CVE-2023-4752) - VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp
* Fixing bsc#1215033 (CVE-2023-4781) - VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both
- drop patches: disable-unreliable-tests.patch
ignore-flaky-test-failure.patch
vim-8.1.0297-dump3.patch
- droped %check - most of tests didn't work correctly in OBS
and maitenace burden of this was getting too big
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1632...v9.0.1894
- Fixing bsc#1210738 - L3: gvim rendering corruption with all 9.x versions
* Add: vim-8.2.3607-revert-gtk3-code-removal.patch
* This reverts commit 9459b8d461d6f8345bfa3fb9b3b4297a7950b0bc
- Fixing bsc#1211461 - L3: vim "eats" first character from prompt in xterm
* Add: reorder-exit-raw-mode.patch
* Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit.
- Use app icon generated from vimlogo.eps in source tarball; add
higher res icons of sizes 128, 256, and 512px as png sources.
Our current icons deviate from upstream flatpaks for example.
- Updated to version 9.0 with patch level 1632
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1572...v9.0.1632
- libxml2
-
- Security update:
* [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
in tree.c
- Added file libxml2-CVE-2023-45322.patch
- tiff
-
- security update:
* CVE-2023-2731 [bsc#1211478]
Fix null pointer deference in LZWDecode()
This patch also contains a required commit which is marked
to fix CVE-2022-1622 [bsc#1199483] but we are not vulnerable
to that CVE because relevant code is not present.
+ tiff-CVE-2023-2731.patch
* CVE-2023-26965 [bsc#1212398]
Fix heap-based use after free in loadImage()
+ tiff-CVE-2023-26965.patch
* CVE-2022-40090 [bsc#1214680]
Fix infinite loop in TIFFReadDirectory()
+ tiff-CVE-2022-40090.patch
* CVE-2023-1916 [bsc#1210231]
Fix out-of-bounds read in extractImageSection()
+ tiff-CVE-2023-1916.patch
- security update:
* CVE-2023-38289 [bsc#1213589]
+ tiff-CVE-2023-38289.patch
* CVE-2023-38288 [bsc#1213590]
+ tiff-CVE-2023-38288.patch
* CVE-2023-3576 [bsc#1213273]
+ tiff-CVE-2023-3576.patch
* CVE-2020-18768 [bsc#1214574]
+ tiff-CVE-2020-18768.patch
* CVE-2023-26966 [bsc#1212881]
+ tiff-CVE-2023-26966.patch
* CVE-2023-3618 [bsc#1213274]
+ tiff-CVE-2023-3618.patch
* CVE-2023-2908 [bsc#1212888]
+ tiff-CVE-2023-2908.patch
* CVE-2023-3316 [bsc#1212535]
+ tiff-CVE-2023-3316.patch
- python3-base
-
- (bsc#1214691, CVE-2022-48566) Add
CVE-2022-48566-compare_digest-more-constant.patch to make
compare_digest more constant-time.
- (bsc#1214685, CVE-2022-48565) Add
CVE-2022-48565-plistlib-XML-vulns.patch (from
gh#python/cpython#86217) reject XML entity declarations in
plist files.
- (bsc#1214677, CVE-2022-48564) Add
CVE-2022-48564-DoS-read_ints-plistlib.patch fixing
gh#python/cpython#86269 (backport from 3.6), which prevents DoS
when processing malformed Apple Property List files in binary
format.
- Skip test_plistlib.test_identity test on aarch64.
- (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which detects email
address parsing errors and returns empty tuple to indicate the
parsing error (old API).
- Add 99366-patch.dict-can-decorate-async.patch fixing
gh#python/cpython#98086 (backport from Python 3.10 patch in
gh#python/cpython!99366), fixing bsc#1211158.
- Add stack_overflow_test_endless_recursion.patch to avoid
failing test.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
CURRENTLY SWITCHED OFF, AS IT IS STILL WIP AND UNDEBUGGED
- Use python3 modules to build the documentation.
- autofs
-
- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
Don't use initgroups at spawn (bsc#1214710)