- SAPHanaSR
-
- Version bump to 0.162.0
* add improvements from SAP to the RA scripts regarding the
handling of the SAP tools 'HDB version', 'HDBSettings.sh' and
'pycd' and the SAPHana log filter handling
(jsc#PED-1739)
* fix for SAPHanaSR-monitor reporting "LPA status of one node is
missing"
(bsc#1192963, bsc#1203973)
* SAPHanaSRTools.pm: shows terminate node attribute too
- remove patch:
0001-bsc-1192963.patch
- SAPHanaSR-monitor not reporting correctly
(bsc#1192963)
add patch:
0001-bsc-1192963.patch
- Version bump to 0.161.1_BF
- add the required 'xmllint' to the package
(bsc#1201945)
- changes to the demote_clone function of the resource agent:
if the role is '1:P' (topology agent ran into timeouts) the
function fails with rc=1, to get the managed resource stopped
changes to the stop_clone function of the topology agent:
call landscapeHostConfiguration.py and set the roles as they were
reported. If the command timed out, set the role to '1:P' and
return 1 to get the node fenced.
The used timeout for the landscapeHostConfiguration.py call can
be configured by the cluster action timeout, if needed. It will
be 50% of the action timeout or the minimum of 300s.
(bsc#1198127)
- add new HA/DR provider hook susChkSrv
(jsc#PED-1241, jsc#PED-1240)
- add new tool SAPHanaSR-manageProvider to show, add and delete
HA/DR provider sections in the global.ini of SAP HANA.
- update suse icon to new branding
- SUSEConnect
-
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
SCC will be stored inside of the credentials file for later use on API calls.
This way we add system clone detection for systems using this version of SUSE
Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
information in SCC and proxies more accurate. (bsc#1196076)
- binutils
-
- Add binutils-maxpagesize.diff for a problem on old code
streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
which means obsoleting and hence removing these patches:
binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
binutils-add-z16-name.diff.
Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
[bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
[bsc#1193929] aka PR28694 aka CVE-2021-45078
[bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
[bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
[bsc#1202966] aka PR29289 aka CVE-2022-38126
[bsc#1202967] aka PR29290 aka CVE-2022-38127
[bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
[bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
needs to support efi-app-aarch64 target. (bsc#1198458)
Adds binutils-add-efi-aarch64-1.diff,
binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Use https for various links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
(Fake entry from SLE for tracking purposes:)
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
in crash not accepting some of our .ko.debug files.
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
(forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- Add usage of a SUSE_ZNOW environment variable which allows switching
on "-z now" by default using "export SUSE_ZNOW=1", similar to
the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
* Install symlinks for all target specific tools on
arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
--unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
--unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to do when it encounters multibyte characters in the input. The
default is to allow them. Setting the option to "warn" will generate a
warning message whenever any multibyte character is encountered. Using the
option to "warn-sym-only" will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the maximum cache size to SIZE
bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packaged
in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022"
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- cloud-regionsrv-client
-
- Update to version 10.0.8 (bsc#1206428)
- Fix regression introduced by 10.0.7. When the hosts file was modified
such that there is no empty line at the end of the file the content
after removing the registration data does not match the content prior
to registration. The update fixes the issue triggered by an index
logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
- Implement functionality to detect if an update server has a new cert.
Import the new cert when it is detected.
- Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
- Credentials are equal when username and password are the same; ignore
other entries in the credentials file
- Handle multiple zypper names in process table, zypper and Zypp-main
to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
- curl
-
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- Security Fix: [bsc#1204383, CVE-2022-32221]
* POST following PUT confusion
* Add curl-CVE-2022-32221.patch
- dbus-1
-
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption (CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dbus-1-x11
-
- Fix a potential crash that could be triggered by an invalid signature.
(CVE-2022-42010, bsc#1204111)
* fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
bsc#1204112)
* fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption (CVE-2022-42012,
bsc#1204113)
* fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
* dbus-do-autolaunch.patch
* increase-backlog.patch
* fix-upstream-timeout-reset-2.patch
* fix-upstream-CVE-2020-12049_2.patch
- dhcp
-
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
- drbd
-
- Fix for bug 1189995 slows down full resync significantly (bsc#1203931)
- replace patch:
- fix-stuck-resync-when-cancelled.patch
with three patches:
+ bsc-1189995-01_drbd-Improve-the-resync-controller-for-fast-back-end.patch
+ bsc-1189995-02_drbd-Fix-stuck-resync-when-many-resync-requests-are-.patch
+ bsc-1189995-03_drbd-Fix-handing-of-P_NEG_RS_DREPLY-packet.patch
- other new patches:
+ bsc-1203931-01_drbd-re-introduce-occasional-resync-verify-progress-.patch
+ bsc-1203931-02_drbd-Improve-naming-of-constant-SLEEP_TIME-RS_MK_REQ.patch
+ bsc-1203931-03_drbd-fix-regression-never-ending-online-verify.patch
+ bsc-1203931-04_drbd-fix-VerifyT-being-stuck-when-using-verify-with-.patch
+ bsc-1203931-05_drbd_req-initialize-cong_fill-and-cong_extents.patch
+ bsc-1203931-06_drbd-fixes-ahead-behind-with-multi-volume-resources.patch
+ bsc-1203931-07_drbd-fix-invalid-iterator-usage-in-rcu-contexts.patch
+ bsc-1203931-08_drbd-fix-NULL-deref-in-request_timer_fn-with-disk-ti.patch
+ bsc-1203931-09_drbd-Scan-bitmap-per-peer-instead-of-once-for-the-de.patch
+ bsc-1203931-10_drbd-Never-keep-a-bitmap-uuid-value-if-there-is-no-b.patch
+ bsc-1203931-11_drbd-Fix-a-temporarily-paused-resync-to-make-progres.patch
+ bsc-1203931-12_drbd-One-more-fix-to-make-sure-a-temporarily-paused-.patch
+ bsc-1203931-13_drbd-fix-slow-sync-when-sync-requests-are-answered-q.patch
+ bsc-1203931-14_drbd-fix-incorrect-decrement-of-counter-in-protocol-.patch
+ bsc-1203931-15_drbd-fix-missing-decrement-of-unacked-counter-on-err.patch
+ bsc-1203931-16-drbd-fix-crash-when-c_max_rate-is-set-to-zero.patch
+ bsc-1203931-17_drbd-only-reschedule-resync-quickly-if-resync-sector.patch
+ bsc-1203931-18_drbd-avoid-blocking-application-IO-by-continually-lo.patch
+ bsc-1203931-19_drbd-Fix-read-access-after-free.patch
- expat
-
- Security fix:
* (CVE-2022-43680, bsc#1204708) use-after-free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- glibc
-
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- pthread-cond-wait-stack-align.patch: x86: fix stack alignment in
pthread_cond_[timed]wait (bsc#1196852)
- gnutls
-
- sysrng-linux: re-open /dev/urandom every time [bsc#1204763]
* Control the file descriptor closing method
* Backported from c95312c5831be5418dc02a86d72bcd1eafd4c145
* Add gnutls-re-open-dev_urandom-every-time.patch
- grub2
-
- Fix unreadable filesystem with xfs v4 superblock (bsc#1205520)
* 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
- Remove zfs modules (bsc#1205554)
* grub-remove-zfs-modules.patch
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- fs/xfs: add bigtime incompat feature support (bsc#1203387)
* grub2-fs-xfs-Add-bigtime-incompat-feature-support.patch
- hawk2
-
- Fix detection of partial upgrade (bsc#1196673)
* bsc#1196673-fix-detection-of-partial-upgrade.patch
- jasper
-
- security update:
* CVE-2022-2963 [bsc#1202642]
+ jasper-CVE-2022-2963.patch
- java-1_7_1-ibm
-
- IBM Security Update November 2022: [bsc#1205302, bsc#1204703]
* The security vulnerability CVE-2022-3676 was fixed in version
7.1.5.15, adding the reference here.
- kernel-default
-
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
(git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/module: fix loading modules with a lot of relocations
(git-fixes).
- s390/qeth: fix deadlock during failing recovery (bsc#1206213
LTC#200742).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1206213
LTC#200742).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
(git-fixes).
- s390/cio: Fix the "type" field in s390_cio_tpi tracepoint
(git-fixes).
- s390: appldata depends on PROC_SYSCTL (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/pkey: fix paes selftest failure with paes and pkey static
build (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390/qeth: remove driver-wide workqueue (bsc#1206213
LTC#200742).
- s390/qeth: don't defer close_dev work during recovery
(bsc#1206213 LTC#200742).
- commit 1acccf5
- Delete and blacklist
patches.suse/s390-qeth-use-Read-device-to-query-hypervisor-for-MA.patch.
- commit 26d92fb
- blacklist.conf: add 6f390916c4fb KVM: s390: Ensure
kvm_arch_no_poll() is read once when blocking vCPU
- commit d8badd9
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 014ac33
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 4f96478
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- commit 0f3ab2f
- Delete
patches.suse/KVM-x86-Manually-calculate-reserved-bits-when-loadin.patch
and add it to blacklist.conf instead, as the patch breaks shadow page
tables for KVM guests without any real other gain (bsc#1205234).
- commit afc147a
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
- Refresh
patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
Fix up after merge from cve/4.12. The patch can be closer to upstream in
12sp5 as we have more than in the cve branch.
- commit c316a9f
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit 54d8403
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 0a9d163
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit 1430849
- cuse: prevent clone (bsc#1206120).
- fuse: don't check refcount after stealing page (bsc#1206119).
- fuse: retrieve: cap requested size to negotiated max_write
(bsc#1206118).
- fuse: use READ_ONCE on congestion_threshold and max_background
(bsc#1206117).
- commit 04cffe1
- blacklist.conf: added 4a6f278d4827 ("fuse: add file_modified() to fallocate")
- commit 02645f1
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is ""
- commit 1051f51
- blacklist.conf: add hamradio
- commit 099ae10
- net: hns3: fix kernel crash when unload VF while it is being
reset (git-fixes).
- commit ae4bc46
- net: smsc911x: Fix unload crash when link is up (git-fixes).
- commit 5d0ae5f
- i40e: Fix kernel crash during module removal (git-fixes).
- commit 5410efd
- i40e: Fix reset path while removing the driver (git-fixes).
- commit a60eb44
- net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes).
- commit 9864107
- net: aquantia: Fix actual speed capabilities reporting
(git-fixes).
- Refresh
patches.suse/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch.
- commit 4b16854
- gianfar: Disable EEE autoneg by default (git-fixes).
- commit e3da720
- net: ethernet: arc: fix error handling in emac_rockchip_probe
(git-fixes).
- commit a60d1e6
- sfp: fix RX_LOS signal handling (git-fixes).
- commit e49032c
- net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
(git-fixes).
- commit 1a4980e
- xen-netfront: remove warning when unloading module (git-fixes).
- commit 8066ddd
- macsec: fix memory leaks when skb_to_sgvec fails (git-fixes).
- commit fdbdae5
- macsec: check return value of skb_to_sgvec always (git-fixes).
- commit 958f55b
- blacklist.conf: Add 51bee5abeab2 cgroup/pids: turn cgroup_subsys->free()
into cgroup_subsys->release() to fix the accounting
- commit 5bcd4d4
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 6514e10
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 9837fc7
- blacklist.conf: Add 45e1ba40837a cgroup: disable controllers at parse
time
- commit ccb9bf4
- blacklist.conf: Add threaded cgroups related patches
They come from stable-4.14, thus not relevant for us.
(One more cgroup patch added that's unneeded too.)
- commit dbc5a4e
- docs/kernel-parameters: Update descriptions for "mitigations="
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- Refresh
patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh
patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit e452934
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit cf52a0b
- add missing bug reference to a hv_netvsc patch file (bsc#1204850).
- commit e38a906
- blacklist.conf: add 72791ac854fea3
- commit f0edb3e
- blacklist.conf: add 5c13a4a0291b3019
- commit 2149313
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit 4bead56
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 3e8dd4e
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit 392a5ef
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit df41542
- blacklist.conf: add e8240addd0a3919e
- commit 5c7763d
- blacklist.conf: add 0f4558ae91870692c
- commit 480f3db
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit b478418
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit d9798f7
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit 05697f5
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit d643b77
- xen/blkback: fix memory leaks (git-fixes).
- commit 0f8219d
- blacklist.conf: add bce5963bcb4f
- commit 898778b
- Revert "xen/balloon: Mark unallocated host memory as UNUSABLE"
(git-fixes).
- blacklist.conf: remove added patch
- Refresh
patches.suse/0001-Revert-xen-balloon-Fix-crash-when-ballooning-on-x86-.patch.
- commit e16cca1
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL
usage (git-fixes).
- Refresh
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch.
- commit 51c6261
- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
- rename patch file and move it to the sorted section.
- commit a55d114
- xen/balloon: fix balloon initialization for PVH Dom0
(git-fixes).
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack-take-two.patch.
- Refresh
patches.suse/0001-xen-balloon-Support-xend-based-toolstack.patch.
- commit 5ba6e04
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit b8c3c6e
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit bfe3d11
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 7a7fe44
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 0d3422a
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit 0c5b296
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit 99af98d
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc567fb
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit c08cb70
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit 0cbe5b2
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit c25f15f
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit c306d38
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit a0adbc7
- xen-blkback: prevent premature module unload (git-fixes).
- commit cf8ca9e
- x86/xen: Return from panic notifier (git-fixes).
- commit 79e25ba
- xen/efi: Set nonblocking callbacks (git-fixes).
- commit c90ddf2
- xen/pciback: remove set but not used variable 'old_state'
(git-fixes).
- commit 9bb95c7
- always clear the X2APIC_ENABLE bit for PV guest (git-fixes).
- commit 0e5993e
- xen/pciback: Check dev_data before using it (git-fixes).
- commit 1cda86e
- kprobes/x86/xen: blacklist non-attachable xen interrupt
functions (git-fixes).
- commit c21b175
- net: xen-netback: fix return type of ndo_start_xmit function
(git-fixes).
- commit 7ad3ae2
- xen/scsiback: add error handling for xenbus_printf (git-fixes).
- commit 7517554
- xen: add error handling for xenbus_printf (git-fixes).
- commit e858168
- xen: xenbus: use put_device() instead of kfree() (git-fixes).
- commit fe0b840
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205908).
- ceph: fix fscache invalidation (bsc#1205907).
- ceph: fix potential race in ceph_check_caps (bsc#1205906).
- ceph: don't skip updating wanted caps when cap is stale
(bsc#1205905).
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
(bsc#1205904).
- ceph: check availability of mds cluster on mount after wait
timeout (bsc#1205903).
- ceph: return -EINVAL if given fsc mount option on kernel w/o
support (bsc#1205902).
- ceph: return -ERANGE if virtual xattr value didn't fit in buffer
(bsc#1205901).
- commit 24952fe
- mm, swap, frontswap: fix THP swap if frontswap enabled
(git-fixes).
- commit 61f5d01
- blacklist.conf: added xen/pvcalls related patches, as driver not in 4.12
- commit f9877af
- xen/grant-table: Use put_page instead of free_page (git-fixes).
- Refresh
patches.suse/xen-gnttab-fix-gnttab_end_foreign_access-without-pag.patch.
- Refresh
patches.suse/xen-grant-table-add-gnttab_try_end_foreign_access.patch.
- commit 5a79925
- xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes).
- commit e0b8207
- xen/gntdev: Fix off-by-one error when unmapping with holes
(git-fixes).
- commit 309e553
- xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes).
- commit c11ca0a
- Refresh
patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch.
- Refresh
patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch.
Update upstream status and move to sorted section.
- commit f034897
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit 3d8bb62
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 1a498e7
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617).
- PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017).
- hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617).
- Revert "scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()" (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017).
- hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017).
- hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017).
- PCI: hv: Use struct_size() helper (bsc#1204446).
- hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017).
- commit 8363ff1
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit dd1508b
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit bc92371
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 20328af
- blacklist.conf: Do not backport an intrusive KVM/S390 fix.
- commit dc91df6
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- KVM: s390: fix memory slot handling for
KVM_SET_USER_MEMORY_REGION (git-fixes).
- commit 91dd7c2
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit 2d196d4
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit 502b5e0
- blacklist.conf: not enabled
- commit 62afe05
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit e6e2ec1
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit ed9d761
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- Documentation: dm writecache: Render status list as list
(git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- PM: hibernate: fix sparse warnings (git-fixes).
- dm mpath: remove harmful bio-based optimization (git-fixes).
- blk-mq: add callback of .cleanup_rq (git-fixes).
- commit a1e0c0c
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit b1b4277
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit dc177c9
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 86c9eae
- media: mceusb: do not read data parameters unless required
(git-fixes).
- commit a5b2d37
- [media] mceusb: TX -EPIPE (urb status = -32) lockup fix
(git-fixes).
- commit 4fa96ff
- [media] mceusb: RX -EPIPE (urb status = -32) lockup failure fix
(git-fixes).
- commit 4ed839f
- [media] mceusb: fix inaccurate debug buffer dumps, and
misleading debug messages (git-fixes).
- Refresh
patches.suse/media-mceusb-fix-memory-leaks-in-error-path.patch.
- commit dec0bf7
- [media] mceusb: sporadic RX truncation corruption fix
(git-fixes).
- commit e1eba54
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 90f5154
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit 9d86fe0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit c275921
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 92ed14c
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 18f5fc2
- ipv6: use indirect call wrappers for {tcp, udpv6}_{recv,
send}msg() (bsc#1204414 CVE-2022-3567).
- commit ed98ad2
- ipv6: provide and use ipv6 specific version for {recv, send}msg
(bsc#1204414 CVE-2022-3567).
- commit f8fc818
- inet: factor out inet_send_prepare() (bsc#1204414
CVE-2022-3567).
- commit 2f26c25
- blacklist.conf: Add fixes for unsupported platforms
- commit 05248b6
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit 9676102
- blacklist.conf: Add bd31ecf44b8e KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
- commit ec74f0b
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (git-fixes).
- commit c7f58f1
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- Refresh patches.suse/do-not-default-to-ibrs-on-skl.patch.
- commit ca7c19a
- media: ite-cir: IR receiver stop working after receive overflow
(git-fixes).
- commit 0a8d27b
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(git-fixes).
- commit 069a7c2
- Update metadata references
- commit 61da8f0
- blacklist.conf: build fix
- commit 42d485b
- media: mceusb: sanity check for prescaler value (git-fixes).
- commit ba3bebc
- blacklist.conf: duplicate
- commit d529ebe
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return
-EAGAIN for nowait (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- bfq: Update cgroup information before merging bio (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: don't delete queue kobject before its children
(git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- block: use "unsigned long" for blk_validate_block_size()
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- nbd: don't update block size after device is started
(git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq
(git-fixes).
- block: respect queue limit of max discard segment (git-fixes).
- null_blk: Fix the null_add_dev() error path (git-fixes).
- brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes).
- block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes).
- commit a6dd16c
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes).
- commit 8b26e24
- blacklist.conf: add 2 pervasive git-fixes
- commit 0bf3c41
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 52db277
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 2ee27a4
- hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes).
- x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes).
- hv_netvsc: Sync offloading features to VF NIC (git-fixes).
- commit 4a8a7a9
- net: ethernet: ti: ale: fix seeing unreg mcast packets with
promisc and allmulti disabled (git-fixes).
- commit 940ee30
- net/mlx5: E-Switch, Hold mutex when querying drop counter in
legacy mode (git-fixes).
- commit 2e07a05
- bnxt_en: Free context memory after disabling PCI in probe
error path (git-fixes).
- commit 720cc36
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S
(git-fixes).
- commit 9d7339e
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- commit 20e8907
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
Refresh patches.suse/0018-KVM-arm64-Add-templates-for-BHB-mitigation-sequences.patch
Refresh patches.suse/0008-kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
- commit 043a003
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
(git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation
(git-fixes).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes).
- s390/qeth: vnicc Fix init to default (git-fixes).
- s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes).
- s390/qeth: fix false reporting of VNIC CHAR config failure
(git-fixes).
- s390/qeth: Fix initialization of vnicc cmd masks during set
online (git-fixes).
- s390/qeth: Fix error handling during VNICC initialization
(git-fixes).
- commit 6e472df
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
(git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
(git-fixes).
- vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes).
- commit 76839b9
- Refresh
patches.suse/Fix-releasing-of-old-bundles-in-xfrm_bundle_lookup-b.patch.
- commit 374b5d5
- blacklist.conf: cleanup intended to break kABI
- commit c84e993
- usb: chipidea: udc: check request status before setting device
address (git-fixes).
- commit cb47b3a
- usb: musb: Fix suspend with devices connected for a64
(git-fixes).
- commit f48dc12
- net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes).
- commit b1650a6
- net: hns3: disable sriov before unload hclge layer (git-fixes).
- commit d345db6
- net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes).
- commit 48b09a8
- net: hns3: reset DWRR of unused tc to zero (git-fixes).
- commit 8875465
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- commit 0db1cd8
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- commit aefa3aa
- can: rcar_can: fix suspend/resume (git-fixes).
- commit 132b32d
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- commit a0a50ea
- i40e: fix endless loop under rtnl (git-fixes).
- commit 0544181
- phy: mdio: fix memory leak (git-fixes).
- commit a953b17
- Revert "net: mdiobus: Fix memory leak in __mdiobus_register" (git-fixes).
- commit 8056426
- net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes).
- commit 97ee07d
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- commit 4f15909
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- commit cc79b14
- net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes).
- commit 09955f8
- net: hns3: check vlan id before using it (git-fixes).
- commit bfc3c2e
- net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes).
- commit c549aee
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 5162019
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 4db2648
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- commit d145d85
- ptp: dp83640: don't define PAGE0 (git-fixes).
- commit ba826c9
- natsemi: sonic: stop calling netdev_boot_setup_check
(git-fixes).
- commit 3ddf5c6
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- commit 590981e
- blacklist.conf: update blacklist
- commit e42313e
- blacklist.conf: update blacklist for git-fixes commits
- commit 3de45db
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit aefe870
- bnxt_en: Clean up completion ring page arrays completely
(git-fixes).
- commit 39641b0
- bnxt_en: Don't use static arrays for completion ring pages
(git-fixes).
- commit 7ae4ad6
- bnxt_en: Increase maximum RX ring size if jumbo ring is not used
(git-fixes).
- commit 8ab9e71
- net: natsemi: Fix missing pci_disable_device() in probe and
remove (git-fixes).
- commit b1e1228
- sis900: Fix missing pci_disable_device() in probe and remove
(git-fixes).
- commit 9b32829
- tulip: windbond-840: Fix missing pci_disable_device() in probe
and remove (git-fixes).
- commit 1916370
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- commit 91f7e82
- net/mlx5: Fix flow table chaining (git-fixes).
- commit 50c9e7c
- NIU: fix incorrect error return, missed in previous revert
(git-fixes).
- commit 697aa31
- ixgbe: Fix packet corruption due to missing DMA sync
(git-fixes).
- commit 523784f
- net: ti: fix UAF in tlan_remove_one (git-fixes).
- commit 0aebd34
- net: qcom/emac: fix UAF in emac_remove (git-fixes).
- commit 5b6315c
- net: moxa: fix UAF in moxart_mac_probe (git-fixes).
- commit cf3a72b
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
(git-fixes).
- commit 9d4ba6f
- igb: Fix position of assignment to *ring (git-fixes).
- commit 3c1202a
- igc: change default return of igc_read_phy_reg() (git-fixes).
- commit df2e2f4
- igc: Fix use-after-free error during reset (git-fixes).
- commit 251ef5a
- virtio_net: move tx vq operation under tx queue lock
(git-fixes).
- commit 90eec50
- vxlan: add missing rcu_read_lock() in neigh_reduce()
(git-fixes).
- commit 156a458
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- commit 8b83e49
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (git-fixes).
- commit 2da1970
- ice: Increase control queue timeout (git-fixes).
- commit 5d9b03d
- blacklist.conf: update blacklist
- commit e370582
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729).
- commit 3b44e8a
- sunrpc: Re-purpose trace_svc_process (bsc#1205006).
- commit cdf529c
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit 7c13cdf
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit da95687
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 10722c0
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 924938c
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: define get_cycles macro for arch-override (git-fixes).
- commit f757324
- blacklist.conf: s390: No need to fix VSIE.
- commit 0194543
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
flag (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
(git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
guests (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390: split kvm_s390_logical_to_effective (git-fixes).
- commit 63379a7
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 28012b2
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit 284cbb1
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit fa89806
- blacklist.conf: livepatch: 32-bit only
- commit 4273e1d
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit 2506784
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit 6135eb4
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit b8d4061
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 9169c2c
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit da87a2f
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 56e3837
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit f6b96f7
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 3e65661
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit d91da96
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit a0bbb4b
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit 2dbafe6
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit fda3a5b
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 2778e59
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 3e162e8
- i40e: improve locking of mac_filter_hash (git-fixes).
- commit 143807c
- net: marvell: fix MVNETA_TX_IN_PRGRS bit number (git-fixes).
- commit a0ef80c
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- commit 3f4f3ee
- ppp: Fix generating ppp unit id when ifname is not specified
(git-fixes).
- commit 8e47822
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
(git-fixes).
- commit 8d0bcb7
- net: dsa: mt7530: add the missing RxUnicast MIB counter
(git-fixes).
- commit 57a9699
- net: vxge: fix use-after-free in vxge_device_unregister
(git-fixes).
- commit 1d9b679
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit 13c92ff
- net: mvpp2: Put fwnode in error case during ->probe()
(git-fixes).
- commit ec00850
- net/mlx5e: Remove dependency in IPsec initialization flows
(git-fixes).
- commit e587509
- net/mlx4: Fix EEPROM dump support (git-fixes).
- commit ebb3264
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- commit 24bcdc7
- Revert "niu: fix missing checks of niu_pci_eeprom_read"
(git-fixes).
- commit 021da5e
- bnxt_en: Fix RX consumer index logic in the error path
(git-fixes).
- commit f39a791
- net: lapbether: Prevent racing when checking whether the netif
is running (git-fixes).
- commit 4bee41d
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit e0d8a19
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (git-fixes).
- commit cc02dbe
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 8a11cdd
- r8169: fix jumbo packet handling on RTL8168e (git-fixes).
- commit 5965441
- i40e: Fix overwriting flow control settings during driver
loading (git-fixes).
- commit a33b4c7
- i40e: Fix flow for IPv6 next header (extension header)
(git-fixes).
- commit b64f750
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- commit b2e387c
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (git-fixes).
- commit 366a419
- USB: serial: ch341: fix lost character on LCR updates
(git-fixes).
- commit 50da091
- net: amd-xgbe: Reset link when the link never comes back
(git-fixes).
- commit b7ab28e
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (git-fixes).
- commit 183da9c
- bnxt_en: reverse order of TX disable and carrier off
(git-fixes).
- commit d1661a3
- blacklist.conf: update blacklist
- commit 379051a
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 9910802
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- commit a1cf7e6
- Input: gscps2 - check return value of ioremap() in
gscps2_probe() (git-fixes).
- commit 2ec370b
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 0ac14cd
- memcg, kmem: do not fail __GFP_NOFAIL charges (bsc#1204755).
- commit 3f2ce02
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 8a8ede5
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit 2edb1f4
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 0ea44f9
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit be1109d
- USB: serial: ch341: fix lockup of devices with limited prescaler
(git-fixes).
- Refresh
patches.suse/Revert-USB-serial-ch341-add-new-Product-ID-for-CH341.patch.
- Refresh
patches.suse/USB-serial-ch341-sort-device-id-entries.patch.
- commit 4dd7140
- USB: serial: ch341: fix receiver regression (git-fixes).
- commit c932590
- USB: serial: ch341: reimplement line-speed handling (git-fixes).
- commit b324632
- USB: serial: ch341: add basis for quirk detection (git-fixes).
- commit 113d16b
- blacklist.conf: duplicate of b4a64ed6e7b857317070fcb9d87ff5d4a73be3e8
- commit ff064ba
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit ee0dc75
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit ece443c
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- commit d234200
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit cf0c998
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit d20af40
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 5b67fc6
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit d14e803
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit 92746cd
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ffa0698
- Update metadata references
- commit 090bf0c
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit baac8bc
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit a6ab2c6
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- commit f308a7a
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(git-fixes).
- commit 1416c1e
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- Refresh patches.suse/USB-serial-option-add-Quectel-RM520N.patch.
- commit 891a8cf
- USB: serial: option: add support for OPPO R11 diag port
(git-fixes).
- commit a94c0a4
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- commit b4e5f08
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 0f4a423
- kABI: fix kABI after "KVM: Add infrastructure and macro to mark
VM as bugged" (bsc#1200788 CVE-2022-2153).
- commit 07bccdc
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit ef2b928
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit a313609
- x86/xen: Remove undefined behavior in setup_features()
(git-fixes).
- commit baac9c4
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8a3b61b
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
(bsc#1200788 CVE-2022-2153).
- commit 661c2ce
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 3a9cc04
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit c6701d7
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 0d160b3
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit b4f4125
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit 95457fb
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203142 LTC#199883).
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (bsc#1203198 LTC#199898).
- commit 8606330
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1203514 CVE-2022-40768).
- commit 73e670f
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 6bd6b60
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 729cf0b
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 95fbcd2
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit 61ed64b
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 469e1ea
- blacklist.conf: ignore unwanted nfs/md patches
- commit 968a253
- ACPI: processor idle: Practically limit "Dummy wait" workaround
to old Intel systems (bnc#1203802).
- ACPI: processor_idle: Skip dummy wait if kernel is in guest
(bnc#1203802).
- commit 51d1632
- nvme: restrict management ioctls to admin (bsc#1203290
CVE-2022-3169).
- commit 9735897
- s390: fix double free of GS and RI CBs on fork() failure
(bsc#1203254 LTC#199911).
- s390/guarded storage: simplify task exit handling (bsc#1203254
LTC#199911).
- commit 33e512e
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit dd58489
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit e991b90
- Revert "sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)"
This reverts commit 8d1c33d1ed3d4b198344cf4cf8763447532f6b90
since it breaks the build
- commit 253e49e
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 0516b01
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(bsc#1203322 CVE-2022-40307).
- commit 8166d5e
- Add CVE reference on lightnvm removal patch
modified:
- patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 0412b0e
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit b440061
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit d6070f7
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e024e1e
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 88f61a5
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- commit 0429966
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 1828312
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- commit 960c031
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 8e21ba7
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- commit 24dad4e
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- commit 3b41e99
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
Backporting notes:
* context changes
- commit f023a62
- Revert "drivers/video/backlight/platform_lcd.c: add support for (bsc#1154048)
- commit 6c2117a
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
Backporting notes:
* context changes
* config update
- commit 8d1c33d
- Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1129770)
- commit 015493e
- Revert "video: hgafb: fix potential NULL pointer dereference" (bsc#1129770)
Backporting notes:
* test return value of ioremap() and return an error
- commit dfae32b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
(CVE-2022-41848 bsc#1203987).
- commit 4b5f9dc
- Input: melfas_mip4 - fix return value check in mip4_probe()
(git-fixes).
- commit 327938f
- xhci: bail out early if driver can't accress host in resume
(git-fixes).
- commit 7b6647e
- blacklist.conf: no gadget mode in SLE12
- commit 4ef9a32
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 0686374
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit 6704bc6
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 0c59466
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 80ea4bf
- scsi: qla2xxx: Remove unused declarations for qla2xxx
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue
handler reading stale packets" (bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as
informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 6a1070c
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1203935).
- commit c812e29
- blacklist.conf: Add 1bf4580e00a2 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- commit 2a37e27
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- commit d956a8c
- Input: iforce - constify usb_device_id and fix space before
'[' error (git-fixes).
- commit bfb50de
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path
(git-fixes).
- commit b282bf7
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- commit f6eaf2e
- USB: serial: option: add Quectel RM500K module support.
- commit 981a205
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- commit 3376669
- USB: serial: option: add Telit LE910Cx 0x1250 composition
(git-fixes).
- commit f8d705a
- blacklist.conf: irrelevant in our configurations
- commit c5487ee
- USB: serial: option: add support for Cinterion MV31 with new
baseline (git-fixes).
- commit ce91afd
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
(git-fixes).
- commit 2a4a3b7
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 510678c
- xfs: enable big timestamps (bsc#1203387).
- commit f5ecebd
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(git-fixes).
- commit 4e282b8
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (git-fixes).
- commit 85d64e6
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(git-fixes).
- commit 63072dd
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(git-fixes).
- commit 93c7c8f
- blacklist.conf: irrelevant in our configurations
- commit 1ea4ae1
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit fc09d0c
- blacklist.conf: blacklist commit 02c0cab8e734
- commit 07b2c53
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 21400d8
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
bsc#1203769).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit accf4df
- md: call __md_stop_writes in md_stop (git-fixes).
- Revert "md-raid: destroy the bitmap after destroying the thread"
(git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- commit ab754e2
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit a86f7ba
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit a71ecee
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit de56df3
- xfs: preserve default grace interval during quotacheck
(bsc#1203387).
- commit 32fdbbb
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 231362a
- blacklist.conf: add several SCSI commits to black list
- commit 82ee683
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit b210a45
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit ea13b52
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit 31e0e71
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit 852ad51
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit 0ca10b2
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit fdfb081
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- Refresh patches.suse/xfs-unsupported-features.patch.
- commit 480b158
- media: em28xx: initialize refcount before kref_get
(CVE-2022-3239 bsc#1203552).
- commit 477c587
- xfs: account finobt blocks properly in perag reservation
(bsc#1203387).
- commit 2390201
- powerpc: Use device_type helpers to access the node type
(bsc#1203424 ltc#199544).
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-update-code.patch.
- commit b1e0425
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 5d51965
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- Refresh for the above patch added in,
blacklist.conf: remove the above patch from blacklist.conf
patches.suse/0034-dm-verity-add-check_at_most_once-option-to-only-vali.patch.
- commit 1b3d265
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
bsc#1202677).
- commit b644c0f
- Update references:
- patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
- patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
- patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
- patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
- patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
- patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
- patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
(add CVE-2022-32296 bsc#1200288)
- commit 97c264a
- x86/bugs: Reenable retbleed=off
While for older kernels the return thunks are statically built in and
cannot be dynamically patched out, retbleed=off should still be possible
to do so that the mitigation can still be disabled on Intel who don't
use the return thunks but IBRS.
- Refresh
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit e330fc7
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
(bsc#1203462).
- commit b3b2090
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit 39653db
- Update
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
(bsc#1124235), adding back References lost in previous update.
- commit 47c6490
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
(git-fixes).
- Refresh patches.suse/scsi-libfc-handling-of-extra-kref.
- commit 27f7754
- mmc: block: fix read single on recovery logic (CVE-2022-20008
bsc#1199564).
- commit 1fdd74c
- git_sort: Cleanup series_insert test setup and add test for patch with
missing headers
- commit 05c630d
- scsi: ch: Make it possible to open a ch device multiple times
again (git-fixes).
- Refresh
patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch.
- Replace/Refresh
patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
("scsi: ch: fixup refcounting imbalance for SCSI devices")
with actual upstream version of this commit, which makes it apply
correctly (it was just a "submitted" version)
- commit cb2ed7c
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (git-fixes).
- commit 6d3bb9f
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 85ce439
- blacklist.conf: ("arm64: fix clang warning about TRAMP_VALIAS")
- commit a67ea91
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit ed06fa8
- scsi: lpfc: Check the return value of alloc_workqueue()
(git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
(git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- Revert "scsi: sd: Keep disk read-only when re-reading partition"
(git-fixes).
- scsi: core: Avoid that a kernel warning appears during system
resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning
(git-fixes).
- commit 2cdb167
- cifs: clean up an inconsistent indenting (bsc#1190317).
- commit 84e7187
- git_sort: Check if Patch-mainline tag exists
If Patch-mainline and Git-commit tags are missing in the patch, sort script
will fail with:
IndexError: list index out of range
This change ensures that Patch-mainline tag is present and if not, raise
an error to warn the user.
- commit 10d17a7
- Update
patches.suse/mm-rmap.c-don-t-reuse-anon_vma-if-we-just-want-a-copy.patch
(git-fixes, bsc#1203098).
- commit 3881fc3
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
(CVE-2022-39188, bsc#1203107).
- commit 7df6276
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
bsc#1202097).
- commit 7253cd6
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- commit 8addcab
- MyBS: Fix upload to OBS.
When a cookie is received and SSH authentication is not used osc_wrapper
crashes with message:
Can't use an undefined value as a symbol reference at MyBS.pm line 290.
Fix this by not trying to save cookies for plain authentication.
- commit fc4c81a
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"find -xtype l" will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- ip6: fix skb leak in ip6frag_expire_frag_queue (bsc#1202972)
- commit da5fa15
- cifs: move from strlcpy with unused retval to strscpy
(bsc#1190317).
- commit bb4c21d
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1190317).
- commit f2b9741
- cifs: remove unused server parameter from calc_smb_size()
(bsc#1190317).
- commit c52dabc
- cifs: Do not use tcon->cfid directly, use the cfid we get from
open_cached_dir (bsc#1190317).
- commit ed7d7cd
- cifs: fix lock length calculation (bsc#1190317).
- commit 704a256
- cifs: alloc_mid function should be marked as static
(bsc#1190317).
- commit 1cd087c
- cifs: remove "cifs_" prefix from init/destroy mids functions
(bsc#1190317).
- commit 7d1a646
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- commit 39cdb6e
- cifs: remove remaining build warnings (bsc#1190317).
- commit bb9d34f
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- commit 36dc5c1
- cifs: remove minor build warning (bsc#1190317).
- commit 99f07da
- cifs: remove some camelCase and also some static build warnings
(bsc#1190317).
- commit 12a6e0e
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- commit 042656d
- cifs: remove redundant initialization to variable
mnt_sign_enabled (bsc#1190317).
- commit 5f2fe58
- smb3: check xattr value length earlier (bsc#1190317).
- commit 420acb4
- linux.keyring: Downgrade to older format.
Compatibility with SLE12 SP5.
- commit cd7de7f
- mkspec: eliminate @NOSOURCE@ macro
This should be always used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- commit cc50c41
- cifs: return errors during session setup during reconnects
(bsc#1190317).
- commit f26e757
- cifs: fix uninitialized pointer in error case in
dfs_cache_get_tgt_share (bsc#1190317).
- commit 2cd67ba
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- commit 6ad2a16
- cifs: version operations for smb20 unneeded when legacy support
disabled (bsc#1190317).
- commit c14744a
- cifs: when extending a file with falloc we should make files
not-sparse (bsc#1190317).
- commit 722a067
- smb3: check for null tcon (bsc#1190317).
- commit 19827ce
- cifs: return the more nuanced writeback error on close()
(bsc#1190317).
- commit 21102b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
(bsc#1190317).
- commit 55e93f1
- smb3: don't set rc when used and unneeded in query_info_compound
(bsc#1190317).
- commit b7a8710
- cifs: smbd: fix typo in comment (bsc#1190317).
- commit 0fd8d36
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1190317).
- commit 18a7023
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- commit cebd44b
- cifs: move definition of cifs_fattr earlier in cifsglob.h
(bsc#1190317).
- commit de5bdb2
- tar-up.sh: Include kernel signature in OBS upload.
It is not clear that OBS can handle uncompressed tar signatures but it
can still be verified manually.
- commit cb24650
- scripts: Verify tarball signature before use.
While there are Linux tarballs provided in standard location on many
machines it is not clear where these mirrors are mounted from, how
secure was the mirroring process, and the storage itself.
For local testing it is faster to use git but for OBS builds we want
the upstream tarballs to get bit-identical tarball files, and then we
also want the verification to ensure integrity of the mirror.
xz compression is not completely deterministic, and while the tarball
content should be the same the bit representation varies. When
uploading to OBS it is desirable to use bit-identical files to prevent
OBS storing multiple big files with the same content inside but not
apparently identical.
- commit a075c40
- module: change to print useful messages from
elf_validity_check() (git-fixes).
- commit aa3765e
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit 99976e2
- module: harden ELF info handling (git-fixes).
- Refresh
patches.suse/0001-module-warn-if-module-init-probe-takes-long.patch.
- Delete
patches.suse/0005-modsign-print-module-name-along-with-error-message.patch
(info->mod->name is no longer available in module_sig_check() due to
the backported patch).
- commit 6bb95a5
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1190317).
- commit ef2c03a
- SMB3: EBADF/EIO errors in rename/open caused by race condition
in smb2_compound_op (bsc#1190317).
- commit 1850f8f
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- commit a9f06fa
- cifs: fix NULL ptr dereference in refresh_mounts()
(bsc#1190317).
- commit 67eb87c
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- commit 60e64c6
- cifs: verify that tcon is valid before dereference in
cifs_kill_sb (bsc#1190317).
- commit 2548aaa
- cifs: potential buffer overflow in handling symlinks
(bsc#1190317).
- commit 4a3401c
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- commit a7766a9
- cifs: release cached dentries only if mount is complete
(bsc#1190317).
- commit 0e4cc46
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- commit 396d99d
- cifs: remove check of list iterator against head past the loop
body (bsc#1190317).
- commit 53771a6
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(bsc#1190317).
- commit 4dc7010
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
(bsc#1190317).
- commit d9eafa4
- cifs: change smb2_query_info_compound to use a cached fid,
if available (bsc#1190317).
- commit 8153d9b
- cifs: convert the path to utf16 in smb2_query_info_compound
(bsc#1190317).
- commit feab50e
- cifs: we do not need a spinlock around the tree access during
umount (bsc#1190317).
- commit 3cf620b
- cifs: fix handlecache and multiuser (bsc#1190317).
- commit 61380d0
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1190317).
- commit 33643f3
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1190317).
- commit 96ae468
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1190317).
- commit dd406c0
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- commit 063a3b9
- cifs: mark sessions for reconnection in helper function
(bsc#1190317).
- commit 145a355
- Fix a warning about a malformed kernel doc comment in cifs
(bsc#1190317).
- commit 5777710
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
path is empty (bsc#1190317).
- commit 11e7725
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- commit 2dd27f0
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- commit ec6873e
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
(bsc#1190317).
- commit c2c268e
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- commit f5d8a69
- cifs: fix ntlmssp auth when there is no key exchange
(bsc#1190317).
- commit 0965ebd
- MyBS: Avoid lock recursion in certificate check
SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
CA certificate as the SSL trust root.
Check that the error is caused by bad certificate, and don't handle
other errors so that users can see authentication errors correctly.
Also unlock the cookie storage in case the problem is resolved with
using the built-in certificate.
- commit 21d6a61
- MyBS: Save hoarded cookies to disk
The performance of the OBS SSH authentication system is very bad, and
can be overwhelmed by about 1 authentication/s.
With osc saving cookies to disk this is not seen as problem.
Saving cookies to disk in MyBS should work around the authentication
system performance problem until it's resolved.
The design ensures that processes competing for authentication use the
same cookie once one becomes available rather than authenticating
independently, overwhelming the authentication service.
- Reading cookie file is lockless, file update atomic with mv
- Requesting auth & writing out obtained cookie is locked
- To be able to break stale lock the lockfile is empty, cookie is saved
to a separate temporary file
Cookie file contains the whole Set-Cookie header content. It would be
possible to add support for multiple cookies but OBS only ever sets one
cookie so multiple cookies are not supported.
- commit 37ed7ba
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- Add dtb-starfive
- commit 85335b1
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit a90bbcf
- Add dtb-microchip
- commit c797107
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the dangling link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- commit 52a1ad7
- krb5
-
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bsc#1205126);
- Added patches:
* 0126-Fix-integer-overflows-in-PAC-parsing.patch
- libX11
-
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
* security update for CVE-2022-3555 (bsc#1204425)
- libdb-4_8
-
- Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
* Backport the upstream commits:
- Fixed several possible crashes when running db_verify
on a corrupted database. [#27864]
- Fixed several possible hangs when running db_verify
on a corrupted database. [#27864]
- Added a warning message when attempting to verify a queue
database which has many extent files. Verification will take
a long time if there are many extent files. [#27864]
* Add libdb-4_8-CVE-2019-2708.patch
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- Security fix: [bsc#1204357, CVE-2022-3515]
* Detect a possible overflow directly in the TLV parser.
* Add libksba-CVE-2022-3515.patch
- liblogging
-
- Use %license instead of %doc [bsc#1082318]
- fix SLE 12 build
- Use python3 version of rst2man when available
- Run spec-cleaner
- liblogging 1.0.6:
* fix small memory leaks in libstdlog
* enhancement: sigsafe_printf now recognizes the "j" length
modifier
* fix: build_file_line and build_syslog_frame call the
__stdlog_print_* functions incorrectly
* Implement a STDLOG_PID option
* bugfix: potential SEGV in the stdlog_sigsafe_string formatter
if NULL pointer was passed in
* bugfix: stdlog_sigsafe_printf mis-handles an int or unsigned
int
* build system: auto-detect presence of journal libraries
- When building with systemd-journal support, only buildrequire
pkgconfig(libsystemd-journal) on openSUSE 13.1. On newer
versions, buildrequire pkgconfig(libsystemd). The sublibraries have
been merged in version 209 (13.2 shipped systemd 210).
- make the suse_version portable
- fix broken conditional with sles_version macro
- Remove redundant ldconfig requires
- liblogging 1.0.5:
+ cleanup for systemd-journal >= 209
+ bugfix: date stamp was incorrectly formatted
- libtasn1
-
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
- libtirpc
-
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
connections (bsc#1201680)
- backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
- update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libxml2
-
- Security fixes:
* [CVE-2022-40303, bsc#1204366] Fix integer overflows with
XML_PARSE_HUGE
+ Added patch libxml2-CVE-2022-40303.patch
* [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
entity reference cycles
+ Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
* Cross-site scripting vulnerability after commit 960f0e2
* Add libxml2-CVE-2016-3709.patch
- libxslt
-
- Fix broken license symlink for libxslt-tools [bsc#1203669]
- libzypp
-
- properly reset range requests (bsc#1204548)
- version 16.22.5 (0)
- Fix package signature check (bsc#1184501)
- lifecycle-data-sle-live-patching
-
- Added data for 4_12_14-122_133, 4_12_14-122_136, 4_12_14-95_108,
4_12_14-95_111. (bsc#1020320)
- Added data for 4_12_14-122_127, 4_12_14-122_130, 4_12_14-95_102,
4_12_14-95_105. (bsc#1020320)
- mozilla-nspr
-
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function.
- mozilla-nss
-
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of SHA
keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
called when the repeat integrity check fails (bsc#1198980).
- Require libjitter only for SLE15-SP4 and greater
- update to NSS 3.79.2 (bsc#1204729)
* bmo#1785846 - Bump minimum NSPR version to 4.34.1.
* bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken
builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
(bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
longer symmetric keys via the service level indicator
(bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
entropy. This is disabled until we can avoid the inline assembler
in the latter's header file that relies on GNU extensions.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
when both NSS_FIPS and /proc FIPS mode are enabled.
- multipath-tools
-
- Use %tmpfiles_create macro for tmpfiles.d file
- Update to version 0.7.9+232+suse.cbc3754:
* Fix multipathd authorization bypass and symlink attack
(bsc#1202739 CVE-2022-41973 CVE-2022-41974)
* add multipath-dracut.conf: dracut config file to install
tmpfiles.d/multipath.conf in initramfs
- Update to version 0.7.9+229+suse.a7d71062:
* Avoid linking to libreadline to avoid licensing issue
(bsc#1202616)
- Update to version 0.7.9+208+suse.8c8dded:
* libmultipath: use uint64_t for sg_id.lun (bsc#1187534)
- net-snmp
-
- Fixed NULL pointer exception issue when handling ipDefaultTTL or
pv6IpForwarding (bsc#1205148, CVE-2022-44793, bsc#1205150, CVE-2022-44792).
- Fixed potential bad free and changed usage of strtok to strtok_r to
avoid a race condition (bsc#1198059).
add:
* net-snmp-5.7.3-disallow_SET_requests_with_NULL_varbind.patch
* net-snmp-5.7.3-fix-potential-bad-free.patch
* net-snmp-5.7.3-use-strtok_r-for-strtok.patch
- removed hard libopenssl-devel requirement (bsc#1203572)
- nfs-utils
-
- Add 0202-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
Allow server scope to be set - removes the need to run nfsd
inside a private UTS namespace for fail-over applications
(bsc#1203746)
- 0201-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl setting work (bsc#1199856)
- openldap2
-
- bsc#1203320 - Resolve broken symlinks in documentation
- openssh
-
- Add -Y option (jsc#SLE-24949)
+ openssh-More-BSD-compat-functions-recallocarray-getpagesize-.patch
+ openssh-Add-more-sshbuf-functions-sshbuf_dup_string-sshbuf_c.patch
+ openssh-New-option-parsing-functions.patch
+ openssh-ssh-keygen-ssh-agent-intergration.patch
+ openssh-test-updates.patch
+ openssh-test-fixups.patch
+ openssh-Add-ssh-keygen-Y-option-sshsig.patch
- Ship added protocol file as documentation.
- Refresh openssh-7.2p2-gssapi_key_exchange.patch: fix up tests broken by gssapi
- Run tests during build
- cycle patches through git, use autopatch.
- openssl-1_0_0
-
- Added openssl-1_0_0-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- openssl-1_1
-
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- pacemaker
-
- tools: prevent possible crm_resource segfaults if multiple commands are specified (bsc#1198409)
* bsc#1198409-0002-Fix-tools-prevent-possible-crm_resource-segfaults-if.patch
- tools: set commands in crm_resource before changing any options (bsc#1198409)
* bsc#1198409-0001-Refactor-tools-set-commands-in-crm_resource-before-c.patch
- controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715)
* bsc#1198715-0001-Log-controller-log-an-info-instead-of-a-warning-for-.patch
- controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759)
* bsc#1196673-0001-Feature-controller-record-CRM-feature-set-as-a-trans.patch
- permissions
-
* fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20170707:
- pixman
-
- Add pixman-CVE-2022-44638.patch: avoid an integer overflow
(boo#1205033 CVE-2022-44638).
- python
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
target.
- python-azure-agent
-
- Add paa_12_sp5_rdma_no_ext_driver.patch (bsc#1203181)
- Update to version 2.8.0.11 (bsc#1203164)
+ Enabled support for Fast Track (faster processing of extensions)
+ Add telemetry for VM Size
+ Add telemetry for environment variables passed to extensions
+ Enforce CPU quota on the Agent on Red Hat and CentOS 7.4+
+ Restore all firewall rules needed for communication with the WireServer
+ Fix false positives reporting processes in the Agent's cgroup
+ Fix false errors when collecting debug logs
+ Don't report incorrect CPU usage data
+ Fetching a goal state with empty certificates property
+ Silence goal state fetch errors after 3 logs
+ Change fast track timestamp default from None to datetime.min
+ Retry HGAP's extensionsArtifact requests on BAD_REQUEST status
+ Support for Rocky Linux
+ RHEL 8
+ RHEL 9
+ Preliminary work to enforce CPU quota on extensions
+ Preliminary work for management of agent self-updates [GA Versioning]
+ Add CentOS 7.9 to end-to-end-tests
+ Add Mariner to end-to-end-tests
- 2.8.0.11 followed 2.7.3.0, no intermediate releases
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them during an RPM update.
- Update to 2.7.3.0 (jsc#PED-1298)
+ Remove proper_dhcp_config_set.patch included upstream
+ Remove sle_hpc-is-sles.patch included upstream
+ Forward port reset-dhcp-deprovision.patch
+ Retry HGAP's extensionsArtifact requests on BAD_REQUEST status #2622
+ Use 'ip' instead of 'ifdown/ifup' to restart network interface on
RHEL >= 8.6 #2612 #2624
- From 2.7.1.0
+ hotfix for OOM errors on the log collector
- From 2.7.0.6
+ Increase time of autoupdates after updates are available #2403
+ Send telemetry when upgrade available #2421
+ Enable collection of debugging information #2436, #2453, #2510
+ Add support for Python 2.6 to the debug info collection code #2452
+ Enable CPU/memory data collection on RedHat and CentOS #2450
+ Exclude end-to-end tests from Agent setup #2396, #2402
+ Fix log message in cgroups management #2427
+ Fix parsing of malformed error.json files #2433
+ Allow DNS queries over TCP #2429
+ Dont exit extension handler process if unable to fetch
first goal state #2440
+ Improvements for Mariner #2407, #2414
+ Add uos support #2420
+ Add support for VMware PhotonOS #2431
- From 2.6.0.2
+ added cloudlinux support (#2344)
+ Enable extensions cpu monitoring (#2357, #2384, #2391)
+ Support Flatcar Container Linux (#2365)
+ Retrieve VmSettings from HostGAPlugin
(#2378, #2382, #2386, #2394, #2397, #2404)
+ Set Agent's CpuQuota to 75% (#2383)
+ Use handler status if extension status is None when computing
the ExtensionsSummary (#2358) (#2361)
+ fix bug with dependent extensions with no settings (#2285) (#2362)
+ Create events dir for handlers if ETP enabled (#2366)
+ Report status even if goal state cannot be processed (#2370)
+ Define ExtensionsSummary.eq (#2371) (#2373)
+ Implement ExtensionsSummary.ne in terms of eq (#2375)
- From 2.5.0.2
+ Enable Extension Telemetry Pipeline (#2337, #2339)
+ Enable Periodic Log Collection in systemd distros (#2295, #2289)
+ Implement InitialGoalStatePeriod parameter + improvements in logging
goal state processing (#2332)
+ Fix operation name in InitializeHostPlugin event (#2338)
+ Mock systemctl stop cmd (#2335)
+ Report transitioning when status file not found (#2330)
+ Don't create default status file for Single-Config extensions (#2318)
+ Do not create placeholder status file for AKS extensions (#2298)
+ Save waagent_status to history folder and add additional details to
the status file (#2325,#2301,#2270)
+ Rename Debug.FetchVmSettings to Debug.EnableFastTrack (#2324)
+ Update HostGAplugin headers before fetching vmSettings (#2323)
+ Handle HTTP GONE in vmSettings request (#2321)
+ Added log statements to debug issues in vmSettings API (#2317)
+ Remove reference to re.IGNORECASE (#2316)
+ Add and remove extension slice (#2315)
+ FastTrack changes (#2314, #2313, #2306, #2304, #2294, #2293)
+ Helper to handle exception message (#2305)
+ Remove trailing spaces from command name (#2296)
+ Add debug info for systemd-run false positives (#2292)
+ Move Github Actions VMs to Ubuntu 18 (#2291)
+ Onboard redhat82, ubuntu20 (#2290, #2279)
+ Allow systemd-run in the Agent's cgroup (#2287)
+ Use handler status if extension status is None (#2358)
+ Bug Fix: Define ExtensionsSummary.ne (#2371)
- From 2.4.0.2
+ Support for Multi config (#2245, #2261)
+ Support sles 15 sp2 distro (#2272)
+ Cleanup history folder every 30 min (#2258)
+ Updated _read_status_file to include a fragment of status file in
the exception (#2257)
+ Fix telemetry unicode errors (Re-add #1937) (#2278)
+ Match IPoIB interface with any alphanumeric characters (#2239)
+ Fix bug with dependent extensions with no settings (#2285)
+ Do not create placeholder status file for AKS extensions (#2298)
+ Refactoring of Agent's main loop (#2275)
+ Exception for Linux Patch Extension for creating placeholder
status file (#2307)
+ Don't create default status file for Single-Config extensions (#2318)
+ Fix bad logging (#2241)
+ Fixed logging of PeriodicOperation (#2263)
+ Log collector broken pipe fix (#2267)
+ Improved logging for Multi config (#2246)
- From 2.3.1.1
+ revert for reducing the time window where we restart the network
interfaces of the VM
- From 2.3.0.2
+ Enforce CPUQuota on agent #2222, #2226
+ Add support for RequiredFeatures and GoalStateAggregateStatus APIs
[#2190], #2206, #2209, #2216
+ Added fallback locations for extension manifests #2188
+ Add missing call to str.format() when creating exception #2193
+ Remove helper network service on deprovision #2191
+ Use a helper script to start the network service #2225 #2253
+ Initialize published_hostname using /var/lib/cloud/data/set-hostname #2215
+ Fix utf logging for persist firewall rules #2237
+ Replace firewall-setup unit file if changed #2236
- From 2.2.54
+ PA changes to check cloud-init (#2061)
+ log collector (#2066)
+ cgroups CPU percentage py processor count (#2074)
+ Parse InVMGoalStateMetaData from Extension Config (#2081)
+ iscsi disk support for agent configs (#2073)
+ Add support for VMs with multiple IB devices (#2085)
+ Python 3.9 support (#2082)
+ Add support for CBL-Mariner distro (#2099)
+ Enable Provisioning.MonitorHostName for Ubuntu (#1934)
+ Added supportedFeatures flag in status reporting (#2089)
+ Parse ext runtime settings (#2087)
+ GHA merge validation (#2097)
+ Cgroups improvements
+ renamed the eventsFolder variable for preview and enabled ETP (#2140)
+ Agent slice and custom unit files telemetry (#2150)
+ Make IPoIB interface online (#2116)
+ Add option to disable NetworkConfigurationChanges (#2156)
+ Log network configuration on service start (#2157)
+ Setup persistent firewall rules on service restart (#2154)
+ switched to using run_command (#2060)
+ fixes for chained-comparison and dangerous-default-value pylint
warnings (#2072)
+ fixed depends on errors (#2059)
+ WireIp env variable added (#2078)
+ Unstick HGAP channel as default (#2046)
+ shellutil.run_command fixes (#2086, #2098)
+ unit test fixes (#2090, #2091, #2108, #2153)
+ fix distro resolution for RedHat (#2083)
+ Read KVP value in binary mode (#2084)
+ Redact protected settings in goal state debug files (#2130)
+ Modify retry logic for empty goal state (#2140)
+ GS no config fix (#2141)
+ CommandExecution.log logrotate config -> custom log management (#2143)
+ binary file for firewall rules (#2147)
+ Refresh host ga plugin periodically (#2155)
+ Disabled custom service (#2166)
+ update test zips (#2167)
- From 2.2.53.1
+ Extension Telemetry Pipeline as a private-preview feature
- From 2.2.53
+ Start exthandler with the same python interpreter (#2007)
+ Verify that the extension status is an array (#2010)
+ Remove enum _UpdateType and retry fetching goal state (#2018)
+ use dd for ext4 as well as xfs (#2042)
+ Fix path for error.json (#2044)
+ Switch to run command changes, + provisioning changes that need to be
reverted. (#2050)
+ Fix timestamp for goal state archive (#2051)
+ Case insensitive parsing of Plugins and PluginSettings (#2054)
+ Revert "Fixed delays for HTTP retries rather than exponential
delays (#1967)" (#2065)
+ Fixed bug causing "MAC verified OK" message (#2069)
+ Revert unicode fix manually (#1937) (#2070)
+ Recreate handler environment file on service startup (#1960)
+ Add log collection tool and thread (#1987)
+ Thread interface (#1990)
+ Verify that the CPU and Memory cgroups for the agent are properly
initialized; disabled cgroups if they are not active. (#2015)
+ SUSE config: use Btrfs LZO compression for ResourceDisk (#2055)
+ Extension telemetry pipeline (#1918)
+ Reformatted the heartbeat event (#2009)
+ Add LIS version to OSInfo.message (#2011)
+ One thread for telemetry (#2019)
+ Limit description character length sent for health report (#2020)
+ Remove Serial Console Logging (#2028)
+ Echo log to /dev/console during provisioning (#2043)
+ Adding telemetry for logrotate (#2045)
+ Report placeholder extension status as an array (#2068)
+ Fix broken link in readme (#2014)
+ Add log collector flags to README (#2029)
- From 2.2.52
+ Do not retrieve users in each goal state (#1935)
+ Fix check for systemd-run failure when invoking extensions (#1943)
+ Fix telemetry unicode errors (#1937)
+ Uninstall unregistered extensions (#1970)
+ Use run_command to execute iptables (#1944)
+ Use run_command for ip route (#1958)
+ Fix handling of gen2 disks with udev rules (#1954)
+ Add API for uploading logs via host plugin (#1902)
+ Fixed delays for HTTP retries rather than exponential delays (#1967)
+ Resolve undefined variable (#1950)
+ Convert owner uid to string (#1949)
+ Fix Travis special checks for distro and remove useless cgroup tests (#1959)
+ Use tmp_dir instead of data_dir (#1968)
- Removed %config flag for files in /usr directory.
- Cleanup spec file:
* Removed %{_distconfdir}/logrotate.d from dirlist. It will be
handled by package filelist now.
* %{_distconfdir}/logrotate.d/* can be changed by vendor only.
So it will be replaced by an RPM update.
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
- require python-rpm-macros to fix build for TW
- do not require test dependencies for build, they are not needed
(no testsuite run in %check)
- python-base
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
backport of fix to Python 2.7.
- Filter out executable-stack error that is triggered for i586
target.
- python-parallax
-
- Fix: manager: file descriptor leakage (bsc#1205116) (jsc#ECO-2035)
- Release 1.0.8
- Release 1.0.7
- Remove patches since already included:
Remove patch 0001-Add-ssh_key-option-used-by-i-option-of-ssh-scp.patch
Remove patch 0002-Change-format-of-scp-command-for-ipv6-compatible.patch
Remove patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
Remove patch 0004-Fix-Error-inherit-from-Exception-instead-of-BaseExce.patch
Remove patch 0005-Dev-add-parallax.run-to-return-non-zero-rc-without-r.patch
- Dev: add parallax.run() to return non-zero rc without raising exceptions
Add patch 0005-Dev-add-parallax.run-to-return-non-zero-rc-without-r.patch
- Fix: Error: inherit from Exception instead of BaseException
Add patch 0004-Fix-Error-inherit-from-Exception-instead-of-BaseExce.patch
- Don't use ssh if command running on local (bsc#1200833)
Add patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
- Change format of scp command for ipv6 compatible (bsc#1174894)
Add patch 0002-Change-format-of-scp-command-for-ipv6-compatible.patch
- Add ssh_key option used by -i option of ssh and scp (bsc#1169581)
Add patch 0001-Add-ssh_key-option-used-by-i-option-of-ssh-scp.patch
- Release 1.0.6
- Replace preexec_fn as start_new_session
- No need to mask signals for subprocess call
- python3
-
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- python3-base
-
- Add CVE-2022-40899-ReDos-cookiejar.patch to fix ReDoS in http.cookiejar
(gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- python3-lxml
-
- Add patch CVE-2021-28957-prevent-formaction.patch:
* Sanitize HTML5 formaction attributes to prevent an XSS
(bsc#1184177, CVE-2021-28957)
- python36
-
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice versa (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- release-notes-sles
-
- 12.5.20220930 (tracked in bsc#933411)
- Added note about /var/run volatility (jsc#SLE-5601)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Updated LibreOffice note (jsc#SLE-24441)
- Updated Java 1.7 lifecycle (jsc#PED-2073)
- 12.5.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-2073)
- resource-agents
-
- DB2 HADR resource-agents bug (bsc#1203758)
Add patches:
0001-db2-HADR-add-STANDBY-REMOTE_CATCHUP_PENDING-DISCONNE.patch
0001-db2-add-PRIMARY-REMOTE_CATCHUP_PENDING-CONNECTED-sta.patch
- ECO: Maint: Azure Events RA can not handle AV Zones (jsc#PED-2000)
Add upstream patch:
0001-azure-events-az-new-resource-agent-1774.patch
- rpm
-
- backport pgp hardening changes from upstream [bsc#1185299]
new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try to acquire the
database lock [bsc#1183659]
new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
[CVE-2021-20271] [CVE-2021-20266]
[bsc#1183543] [bsc#1183545] [bsc#1183632]
new patch: headerchk3.diff
- backport fixes for various format handling bugs [bsc#996280]
new patch: formatbugs.diff
- rsync
-
- Add support for --trust-sender parameter (patch by Jie Gong in
bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
* Added patch rsync-CVE-2022-29154-trust-sender-1.patch
* Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- samba
-
- Update to 4.15.13
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)
- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742: SMB1 code does not correctly verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- sapconf
-
- version update from 5.0.4 to 5.0.5
- adapt check of an active saptune service during the initial
package installation to work in a chroot environment and fix the
missing enablement of sapconf.
(bsc#1190736, bsc#1190787)
- sg3_utils
-
- Update to version 1.43+48.63a5696:
* sg_turs: do not report error for standby or unavailable ports
(bsc#1186628)
* drop 55-scsi-sg3_id.rules-fix-SCSI_IDENT_LUN_NAA_EXT-case.patch
(now included in git tarball)
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- sudo
-
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- Modified sudo-sudoers.patch
* bsc#1177578
* Removed redundant and confusing 'secure_path' settings in
sudo-sudoers file.
- Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
* Ignore entries when converting LDAP to sudoers. Prevents empty
host list being treated as "ALL" wildcard.
* bsc#1201462
* Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e
- supportutils
-
- Changes to supportconfig version 3.0.11
+ Added _sanitize_file and applied it as needed (bsc#1203818)
- supportutils-plugin-ha-sap
-
- Update to version 0.0.4+git.1663748456.ad13e75:
* fix basic support for saptune
add saptune version 3 awareness and add a hint for the new
saptune supportconfig plugin delivered within the saptune
package >= 3.x
(bsc#1203202)
* change release status of the project
- sysstat
-
- Sysstat requires cron in SLE [related to bsc#1202473]
- systemd
-
- Import commit 284594087815b5a621c9cbdfd7fde382c3fa110e
408bdd5b5c units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
c9d71f32e9 vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode)
36cea26f87 vconsole-setup: add more log messages
ed5157ad87 units: restore Before dependencies for systemd-vconsole-setup.service
e9ae2bacc4 vconsole-setup: add lots of debug messages
40b348e753 Add enable_disable() helper
33ac2fa67a vconsole: correct kernel command line namespace
41e28b24d6 vconsole: Don't do static installation under sysinit.target
d5a5e14c0b vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636)
4e62cab082 vconsole: updates of keyboard/font loading functions
8fd6316be5 vconsole: Add generic is_*() functions
a755ea98ec vconsole: add two new toggle functions, remove old enable/disable ones
9ca3cfe2aa vconsole: copy font to 63 consoles instead of 15
7ddfcaab83 vconsole: add log_oom() where appropriate
8d61f5bde5 vconsole-setup: Store fonts on heap (#3268)
6efe43abe2 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
1f09db3094 errno-util: add new errno_or_else() helper
- Drop 5000-errno-util-add-new-errno_or_else-helper.patch
5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
They have been integrated in SUSE/v228, see above.
- Disable coredump support when building the mini flavor to avoid pulling in
elfutils as some elf macro definitions are now needed by coredump.c
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-errno-util-add-new-errno_or_else-helper.patch
Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
- Import commit 417bb0944e035969594fff83a3ab9c2ca9a56234
e4ba341080 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
20743c1a44 logind: fix crash in logind on user-specified message string
b971b5f085 tmpfiles: check the directory we were supposed to create, not its parent
2850271ea6 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
3d3bd5fc8d systemd --user: call pam_loginuid when creating user@.service (#3120) (bsc#1198507)
4b56c3540a parse-util: introduce pid_is_valid()
aa811a4c0c systemd-detect-virt: refine hypervisor detection (#7171) (bsc#1197244)
- Rebase 0001-logind-unmount-runtime-path-in-a-dedicated-process.patch
- tar
-
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-fix-no-overwrite-dir.patch
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
- tcl
-
- Fix a race condition in test socket-13.1
(tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
sqlite3 to have only a single copy and keep it more up to date
(bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
- telnet
-
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
(CVE-2022-39028, bsc#1203759)
CVE-2022-39028.patch
- tiff
-
- security update:
* CVE-2022-3570 [bsc#1205422]
* CVE-2022-3598 [bsc#1204642]
+ tiff-CVE-2022-3598,3570.patch
- security update:
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645]
+ tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643]
+ tiff-CVE-2022-3599.patch
* CVE-2022-3970 [bsc#1205392]
+ tiff-CVE-2022-3970.patch
- security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971]
+ tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
* CVE-2022-2867 [bsc#1202466]
* CVE-2022-2868 [bsc#1202467]
* CVE-2022-2869 [bsc#1202468]
+ tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
Rename tiff-CVE-2022-0561.patch to
tiff-CVE-2022-0561,CVE-2022-34266.patch
This CVE is actually a duplicate.
- security update:
* CVE-2022-34526 [bsc#1202026]
+ tiff-CVE-2022-34526.patch
- timezone
-
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- util-linux
-
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- util-linux-systemd
-
- Integrate pam_keyinit pam module (bsc#1201354, boo#1081947,
su-l.pamd, runuser.pamd, runuser-l.pamd, login.pamd,
remote.pamd).
- vim
-
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
* Fixing bsc#1200884 Vim: Error on startup
* Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent()
* Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address()
* Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg()
* Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
* Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
* Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
* Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
* Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
* Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
* Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
* Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
* Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
* Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
* Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
* Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
* Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
* Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
* Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
* Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
* Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
* Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
* Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
* Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
* Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
* Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
* Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
* Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
* Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
* Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
* Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
* Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
* Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
* Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
* Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
* Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
* Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
* Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
* Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
* Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
* Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285
* Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
* Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
* Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
After Free
* Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
in src/ex_docmd.c
* Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
Out-of-bounds Read
* Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
* Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
in vim prior to 8.2.
* Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
Heap-based Buffer Overflow
* Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
vim prior to 8.2.
* Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
init_ccline() in ex_getln.c
* Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
Conda vim prior to 8.2.
* Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
in skip_range
* Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
append_command
* Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
function cmdline_erase_chars
* Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
function vim_regexec_string
* Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After Free in
find_pattern_in_path
* Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
* Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
to 8.2
* Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
to 8.2
* Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
.swp file to the editor's primary group, which allows local users to obtain
sensitive information
* Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
Out-of-bounds Read
* Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
in vim prior to 8.2
* Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
vim prior to 8.2
* Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
* Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
* Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
cindent.c
* Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
to 8.2.
* Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
* Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
* Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
* Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
* Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
* Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
* Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
* Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
* Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
* Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
* Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
* Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
* Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
* Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
* Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
* Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- missing-vim-client: removed
- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch)
- source correct suse.vimrc file (boo#1182324)
- stop owning /etc/vimrc so the old, distro provided config actually
gets removed. Leaving it around leads to a duplicated autocmd for
*.spec, leading to spec file template inserted twice.
- own some dirs in vim-data-common so installation of vim-small
doesn't leave unowned directories (boo#1173256).
- Add vi as slave to update-alternatives so that every package
has a matching "vi" symlink (bsc#1174564, boo#1176549).
- Removed patches:
* disable-unreliable-tests-arch.patch
* CVE-2016-1248.patch
* CVE-2017-5953.patch
* CVE-2017-6349.patch
* CVE-2017-6350.patch
* restrict-shell-commands.patch
* source-check-sandbox.patch
* vim-8.0.1568-CVE-2021-3778.patch
* vim-8.0.1568-CVE-2021-3796.patch
* vim-8.0.1568-CVE-2021-3872.patch
* vim-8.0.1568-CVE-2021-3927.patch
* vim-8.0.1568-CVE-2021-3928.patch
* vim-8.0.1568-CVE-2021-3984.patch
* vim-8.0.1568-CVE-2021-4019.patch
* vim-8.0.1568-CVE-2021-4193.patch
* vim-8.0.1568-CVE-2021-46059.patch
* vim-8.0.1568-CVE-2022-0319.patch
* vim-8.0.1568-CVE-2022-0351.patch
* vim-8.0.1568-CVE-2022-0361.patch
* vim-8.0.1568-CVE-2022-0413.patch
* vim-8.0.1568-globalvimrc.patch
* vim-7.1.314-CVE-2009-0316-debian.patch
* vim-7.3-diff_check.patch
* vim-python35.patch
* vim-speedup-yaml.patch
- Updated patches:
* vim-7.3-filetype_changes.patch
* vim-7.3-filetype_ftl.patch
* vim-7.3-filetype_spec.patch
* vim-7.3-gvimrc_fontset.patch
* vim-7.3-help_tags.patch
* vim-7.3-mktemp_tutor.patch
* vim-7.3-name_vimrc.patch
* vim-7.3-sh_is_bash.patch
* vim-7.3-use_awk.patch
* vim-7.4-disable_lang_no.patch
* vim-7.4-filetype_apparmor.patch
* vim-7.4-filetype_mine.patch
* vim-7.4-highlight_fstab.patch
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim73-no-static-libpython.patch
* vim-7.4-rpmlintrc
* vim73-no-static-libpython.patch
- Added patches:
* vim-8.0-ttytype-test.patch
* vim-8.0.1568-defaults.patch
* vim-8.1.0297-dump3.patch
* vim-8.2.2411-globalvimrc.patch
* disable-unreliable-tests.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v7.4.326...v9.0.0814
- w3m
-
- CVE-2022-38223 Out-of-bounds write in checkType located in etc.c
(bsc#1202684)
- add:
0002-Fix-m17n-backspace-handling-causes-out-of-bounds-wri.patch
0001-Fix-warning-for-unused-variable-without-USE_M17N.patch
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
correctly OR grouped lease status (bnc#896188)
netlink attribute if provided by the kernel (bnc#885007).
do not detect persistence but set if requested only (bnc#876845).
- client: do not mix shared with exclusive references (bnc#877776)
- extensions: disabled writing of wickedd.log (debug) file
- addrconf: initial lease writing/parsing helpers / disarmed
- several lldp fixes, mostly for parsing / formatting
- xterm
-
- xterm-CVE-2022-24130.patch: Fixed buffer overflow in set_sixel
when Sixel support is enabled (bsc#1195387)
- yast2-cluster
-
- bsc#1204530, set crypto_hash as "sha1" and set crypto_cipher as "aes256",
- Set transport as "udpu" when detected in cloud,
- Set default values for mcastaddr/mcastport/bindnetaddr when the cluster is first configured
- Set focus on "Generate Auth Key File" when secauth is true
- Implement ValidateSecurity method
- Set focus on memberaddr add when using udpu
- Version 3.4.3
- yast2-printer
-
- Try to connect with SMB3 protocol when testing SMB printers
(bsc#1084277)
- 3.2.1
- yast2-registration
-
- fix crash of autoyast config dialog (bsc#1152913)
- 3.3.1
- zlib
-
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch