- SAPHanaSR
-
- Version bump to 0.155.0
- Add systemd support for the resource agent to interact with the
new SAP unit files for sapstartsrv.
As the new version of the SAP Startup Framework will use systemd
unit files to control the sapstartsrv process instead of the
previous used SysV init script, we need to adapt the handling of
sapstartsrv inside the resource agents to support both ways.
(bsc#1189530, bsc#1189531)
- The resource start and stop timeout is now configurable by
increasing the timeout for the action 'start' and/or 'stop'.
We will use 95% of this action timeouts to calculate the new
resource start and stop timeout for the 'WaitforStarted' and
'WaitforStopped' functions. If the new, calculated timeout value
is less than '3600', it will be set to '3600', so that we do not
decrease this timeout by accident
(bsc#1182545)
- change promotion scoring during maintenance procedure to prevent
that both sides have an equal promotion scoring after refresh
which might result in a critical promotion of the secondary.
(bsc#1174557)
- update of man page SAPHanaSR.py.7 - correct the supported HANA
version.
(bsc#1182201)
- if the $hdbState command fails to retrieve the current state of
the System Replication, the resource agent now uses the
system_replication/actual_mode attribute (if available) from the
global.ini file as a fallback.
This should prevent some confusing and misleading log messages
during a takeover and solves the problem of a not working
takeover back (after a successful first takeover)
(bsc#1181765)
- add dedicated logging of HANA_CALL problems. So it will be now
possible to identify, if the called hana command or the needed
su command throws the error and for further hints we log the
stderr output.
Additional it is possible to get regular log messages for the
used commands, their return code and their stderr output by
enabling the 'debug' mode of the resource agents.
(bsc#1182774)
- aaa_base
-
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
allow ICMP ping
- added patches
+ git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
current version which includes a rename of patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
the 8 bit escape sequence which interfere with UTF-8 multi byte
characters as well as support the vi mode of readline library.
This is done with the patches
* git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
* git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
before the changed patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
rename it to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
and also add the patches
* git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
* git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
- augeas
-
- support new chrony 4.1 options (jsc#SLE-17334)
augeas-new_options_for_chrony.patch
- avahi
-
- Downgrade python3-Twisted to a Recommends. It is not available
on SLED or PackageHub, and it is only needed by avahi-bookmarks
(bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-add-resolv-conf-to-inotify.patch: re-read configuration
when resolv.conf changes, per discussion on the bug
(boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
- bind
-
- When using forwarders, bogus NS records supplied by, or via, those
forwarders may be cached and used by named if it needs to recurse
for any reason, causing it to obtain and pass on potentially
incorrect answers.
[CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
- chrony
-
- Fix config file handling in the spec file and remove "/ntsdumpdir"/
from default config, because augeas-lenses cannot parse it during
installation of SLE Micro on SLE-15-SP3 (bsc#1194220).
- bsc#1194229: Fix pool package dependencies, so that SLE actually
prefers chrony-pool-suse over chrony-pool-empty.
- Add chrony-htonl.patch to work around undocumented behaviour of
htonl() in older glibc versions (SLE-12) on 64 bit big endian
architectures (s390x).
- SLE bugs that have been fixed in openSUSE up to this point
without explicit references: bsc#1183783, bsc#1184400,
bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
* chrony-fix-open.patch
* chrony-gettimeofday.patch
* chrony-ntp-era-split.patch
* chrony-pidfile.patch
* chrony-select-timeout.patch
* chrony-urandom.patch
* chrony.sysconfig
* clknetsim-glibc-2.31.patch
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
- boo#1187906: Consolidate all references to the helper script.
- Add now working CONFIG parameter to sysusers generator
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
- Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
can do all the other required crypto via nettle+gnutls. no need
for another crypto library.
- Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and "/reload sources"/ command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get "/maxsources"/
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add "/add pool"/ command
- Add "/reset sources"/ command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option "/version 3"/)
- Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
enable the new features)
- drop patches which are included in the update:
chrony-test-update-processing-of-packet-log.patch
chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
osc build --without=testsuite
testsuite still runs by default
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
- Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
not actually live below libexecdir.
- Add chrony-test-update-processing-of-packet-log.patch in order
to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
(is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
- Fix incorrect download link for package signature
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
- fix chrony-service-helper.patch
- Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Update testsuite to version 58c5e8b
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
- Update clknetsim to revision 8b48422
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
- Update the keyring and uncomment it in the spec file
- Comment out bad signature
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
- Update clknetsim to revision 42b693b
* Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
- Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
- cloud-init
-
- systemctl location (bsc#1193531)
- Add cloud-init-sysctl-not-in-bin.patch
- The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
- cloud-regionsrv-client
-
- Update to version 10.0.2
+ Fix name of logfile in error message
+ Fix variable scoping to properly detect registration error
+ Cleanup any artifacts on registration failure
+ Fix latent bug with /etc/hosts population
+ Do not throw error when attemting to unregister a system that is not
registered
+ Skip extension registration if the extension is recommended by the
baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
+ Provide status feedback on registration, success or failure
+ Log warning message if data provider is configured but no data
can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
+ The repo enablement timer cannot depend on guestregister.service
- expat
-
* (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
- filesystem
-
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
- firewalld
-
- Add patch which fixes the zone configuration (bsc#1191837)
* 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch
- java-1_8_0-ibm
-
- Update to Java 8.0 Service Refresh 7 Fix Pack 5 [bsc#1197126]
* https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
[bsc#1194927, CVE-2022-21366] [bsc#1194928, CVE-2022-21365]
[bsc#1194929, CVE-2022-21360] [bsc#1196500, CVE-2022-21349]
[bsc#1194941, CVE-2022-21341] [bsc#1194940, CVE-2022-21340]
[bsc#1194939, CVE-2022-21305] [bsc#1194930, CVE-2022-21277]
[bsc#1194931, CVE-2022-21299] [bsc#1194932, CVE-2022-21296]
[bsc#1194933, CVE-2022-21282] [bsc#1194934, CVE-2022-21294]
[bsc#1194935, CVE-2022-21293] [bsc#1194925, CVE-2022-21291]
[bsc#1194937, CVE-2022-21283] [bsc#1194926, CVE-2022-21248]
[CVE-2022-21271]
- Fix a javaws broken symlink [bsc#1195146]
- kernel-default
-
- Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/
This reverts commit 1da843983718d4cfdd652a76e428abee98e37450.
- commit f349b81
- Revert "/build initrd without systemd"/ (bsc#1197300)
This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76.
It seems to be the cause of a stall in OBS build that resulted in
the failure with obs-build-qa (and possibly others).
- commit ff2b28e
- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245)
- commit fd3b6e8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 891ddc4
- sr9700: sanity check for packet length (bsc#1196836
CVE-2022-26966).
- commit edaafdd
- blacklist.conf: prerequisites break kABI
- commit d0b972b
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- commit 3863766
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- commit 9d7504f
- aio: fix use-after-free due to missing POLLFREE handling
(CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
(CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- commit 5ad82f7
- usb: dwc3: meson-g12a: Disable the regulator in the error
handling path of the probe (git-fixes).
- commit 6109544
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- commit 44ceec6
- rpm/kernel-source.spec.in: call fdupes per subpackage
It is a waste of time to do a global fdupes when we have
subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- bpf, selftests: Add test case trying to taint map value pointer
(bsc#1196130,CVE-2021-45402).
- bpf: Make 32->64 bounds propagation slightly more robust
(bsc#1196130,CVE-2021-45402).
- bpf: Fix signed bounds propagation after mov32
(bsc#1196130,CVE-2021-45402).
- commit 63a6298
- net: phy: DP83822: clear MISR2 register to disable interrupts
(git-fixes).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
(git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete
(git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
(git-fixes).
- staging: gdm724x: fix use after free in gdm_lte_rx()
(git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
(git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit ea6e976
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr() (bsc#1178134).
- commit c292d6b
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- EDAC/altera: Fix deferred probing (bsc#1178134).
- commit 13cc9b2
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (git-fixes).
- commit f4a5de3
- usb: host: xen-hcd: add missing unlock in error path
(git-fixes).
- commit daa9ea7
- Refresh
patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- commit 8823060
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 504b440
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1176774).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1176447).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1181147).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case
(jsc#SLE-15176).
- net/mlx5e: TC, Reject rules with forward and drop actions
(git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (jsc#SLE-15172).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1176447).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(git-fixes).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(git-fixes).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (jsc#SLE-15172).
- bonding: force carrier update when releasing slave (git-fixes).
- RDMA/mlx4: Don't continue event handler after memory allocation
failure (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
(git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after
empty entry (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty
entry (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for
private_data_len (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "/disabling
RCFW with pending cmd-bit"/ (git-fixes).
- RDMA/core: Don't infoleak GRH fields (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
(git-fixes).
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- commit 5d0d3c3
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- commit 954cba8
- usb: hub: Fix usb enumeration issue due to address0 race
(git-fixes).
- commit 831632a
- USB: hub: Clean up use of port initialization schemes and
retries (git-fixes).
- commit 39e09e3
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
ltc#196449).
- commit 5cf33af
- mask out added spinlock in rndis_params (git-fixes).
- commit cf77fd5
- usb: gadget: rndis: add spinlock for rndis response list
(git-fixes).
- commit 6500e0b
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(git-fixes).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound
(git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound
(git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- commit add4eb4
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer
(git-fixes).
- scsi: ufs: Fix race conditions related to driver data
(git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
(git-fixes).
- commit 2185cf5
- Add SCSI git-fix to blacklist: too pervasive
- commit 3f4a3f6
- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- commit 511f680
- cgroup/cpuset: Fix "/suspicious RCU usage"/ lockdep warning
(bsc#1196868).
- commit 30013c2
- cpuset: Fix the bug that subpart_cpus updated wrongly in
update_cpumask() (bsc#1196866).
- commit 8ee9c97
- blacklist.conf: prerequisites break kABI
- commit 88b00ea
- blacklist.conf: kABI
- commit 11980b2
- blacklist.conf: patch not applicable due to missing infrastructure
- commit be9f64f
- usb: dwc2: use well defined macros for power_down (git-fixes).
- commit 781db9c
- ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 59d5e34
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bnc#1195403).
- commit f6cf219
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit b360f79
- sched/core: Mitigate race (git-fixes)
- commit d6e526f
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- commit 3b82dc0
- blacklist.conf: Blacklist uclamp related fixes
- commit af69679
- sr9700: sanity check for packet length (bsc#1196836).
- commit 558034f
- tracing: Fix return value of __setup handlers (git-fixes).
- commit 184ff86
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files
(git-fixes).
- commit f1e7b8d
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit fd10ace
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during
load (git-fixes).
- commit 8b4713c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- Update
patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch
(bsc#1195612 CVE-2022-24448).
- Update
patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch
(bsc#1196079 CVE-2022-0617).
- Update
patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch
(bsc#1196079 CVE-2022-0617).
- Update
patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch
(bsc#1194888 CVE-2022-0644 bsc#1196155).
- commit 096ea36
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(git-fixes).
- commit 46ecf36
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- commit 0f3e3c7
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
Deleted:
patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
- vrf: Fix fast path output packet handling with async Netfilter
rules (git-fixes).
- commit 4dafe3d
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- commit 2d08f14
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping
advertisement (git-fixes).
- commit 644c57f
- net: hns3: Clear the CMDQ registers before unmapping BAR region
(git-fixes).
- commit 09653f6
- netsec: ignore 'phy-mode' device property on ACPI systems
(git-fixes).
- commit b2241ca
- net: sfc: Replace in_interrupt() usage (git-fixes).
- commit 254377d
- gtp: remove useless rcu_read_lock() (git-fixes).
- commit 2588833
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo
configuration (git-fixes).
- commit 28ecaea
- Refresh
patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch.
- Refresh
patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch.
- Refresh
patches.suse/ibmvnic-complete-init_done-on-transport-events.patch.
- Refresh
patches.suse/ibmvnic-define-flush_reset_queue-helper.patch.
- Refresh
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch.
- Refresh
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch.
- Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch.
- Refresh
patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch.
- Refresh
patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch.
- Refresh
patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch.
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 25457d5
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1196299 CVE-2022-25636).
- commit 30b89a9
- batman-adv: Don't expect inter-netns unique iflink indices
(git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check
(git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection
(git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8
(git-fixes).
- commit 1c8fa49
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1196723).
- commit 3d0b2e2
- blacklist.conf: Add 51e50fbd3efc psi: fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit 2727993
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set
(git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- USB: gadget: validate interface OS descriptor requests
(git-fixes).
- commit a54291e
- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch
(bsc#1192273 ltc#194629 bsc#1191428 ltc#193985).
- commit 59ca885
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 6dcfd65
- blk-mq: don't free tags if the tag_set is used by other device
in queue initialztion (bsc#1193787).
- commit 5b79ad2
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- powerpc/fadump: register for fadump as early as possible
(bsc#1179439 ltc#190038).
- commit 3f54d95
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- powerpc/pseries/iommu: Fix window size for direct mapping with
pmem (bsc#1196472 ltc#192278).
- powerpc/dma: Fallback to dma_ops when persistent memory present
(bsc#1196472 ltc#192278).
Update config files.
- dma-mapping: Allow mixing bypass and mapped DMA operation
(bsc#1196472 ltc#192278).
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472
ltc#192278).
- commit a04953d
- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit b546cd9
- arm64: Mitigate spectre style branch history side channels
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Update config files.
- commit d035616
- KVM: arm64: Add templates for BHB mitigation sequences
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 8c9b0c2
- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit c3c4a06
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
CVE-2022-0002).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 284cd49
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
(bsc#1196584).
- commit 4f3bbf5
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY)
(git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(git-fixes).
- efivars: Respect "/block"/ flag in efivar_entry_set_safe()
(git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger
(git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (git-fixes).
- tty: n_gsm: fix proper link termination after failed open
(git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV
(git-fixes).
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
(git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- commit c381750
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- ibmvnic: Allow queueing resets during probe (bsc#1196516
ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516
ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516
ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516
ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516
ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516
ltc#196391).
- commit 1cc99d0
- tracing: Have traceon and traceoff trigger honor the instance
(git-fixes).
- commit 92ab7ec
- tracing: Dump stacktrace trigger to the corresponding instance
(git-fixes).
- commit a3c85e9
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (git-fixes).
- nvme: don't return an error from nvme_configure_metadata
(git-fixes).
- nvme: let namespace probing continue for unsupported features
(git-fixes).
- commit a5b2a87
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
(bsc#1193787 git-fixes).
- blk-mq: don't grab rq's refcount in blk_mq_check_expired()
(bsc#1193787 git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue
(bsc#1193787).
- commit cc53802
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (git-fixes).
- commit 209cee8
- drm/i915: Correctly populate use_sagv_wm for all pipes
(git-fixes).
- commit 5d7b5fe
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
LTC#194674).
- KVM: remember position in kvm->vcpus array (bsc#1190972
LTC#194674).
- commit 81f3dbb
- s390/cpumf: Support for CPU Measurement Sampling Facility LS
bit (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
(bsc#1195081 LTC#196088).
- commit 0ce3482
- s390/cio: verify the driver availability for path_event call
(bsc#1195928 LTC#196418).
- commit 4741f1a
- scsi: zfcp: Fix failed recovery on gone remote port with
non-NPIV FCP devices (bsc#1195378 LTC#196244).
- commit 6fb3d19
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
LTC#195540).
- commit 79f1350
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
LTC#196028).
- commit 512e596
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243
LTC#195549).
- commit 6f84bff
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
ltc#196449).
- commit 72793cf
- block: do not send a rezise udev event for hidden block device
(bsc#1193096).
- commit c3addda
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- commit 542287e
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(git-fixes).
- commit 774f927
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
ltc#195815).
- commit 7099d61
- ext4: prevent partial update of the extent blocks (bsc#1194163
bsc#1196339).
- commit 9b7f6a6
- ext4: check for inconsistent extents between index and leaf
block (bsc#1194163 bsc#1196339).
- commit 8a25180
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- commit b72afd9
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
(git-fixes).
- mtd: rawnand: gpmi: don't leak PM reference in error path
(git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
(git-fixes).
- ASoC: Revert "/ASoC: mediatek: Check for error clk pointer"/
(git-fixes).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw() (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
(git-fixes).
- ALSA: hda: Fix regression on forced probe mask option
(git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
(git-fixes).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
(git-fixes).
- commit ea7f847
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- blk-tag: Hide spin_lock (bsc#1193787).
- commit 78741a7
- blk-mq: clearing flush request reference in tags->rqs
(bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one
request pool (bsc#1193787).
- blk-mq: grab rq->refcount before calling ->fn in
blk_mq_tagset_busy_iter (bsc#1193787).
- block: avoid double io accounting for flush request
(bsc#1193787).
- block: mark flush request as IDLE when it is really finished
(bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io()
(bsc#1193787).
- commit 2d33352
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- commit 445785b
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- commit 436acc9
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- commit a9ec6c0
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1196195).
- commit ace9b16
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- commit 4beb0b0
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- Refresh patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch.
- commit 41c6188
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- commit b25996b
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- commit f36b423
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- commit ef6e83a
- x86/speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- commit 718c631
- blacklist.conf: Add 2cbc61a1b166 iommu/dma: Account for min_align_mask w/swiotlb
- commit 142c6ac
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
(git-fixes).
- iommu/vt-d: Fix potential memory leak in
intel_setup_irq_remapping() (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown
(git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
(git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
(git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
(git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume
(git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table
allocation failure (git-fixes).
- commit 50e60e3
- Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235)
- commit b7dc18b
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- net/ibmvnic: Cleanup workaround doing an EOI after partition
migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- commit 0dfd4da
- drm/i915/opregion: check port number bounds for SWSCI display
power state (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "/HW not ready"/
(git-fixes).
- iwlwifi: pcie: fix locking when "/HW not ready"/ (git-fixes).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
devices (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: Fix MDI-x polarity setting in
88e1118-compatible PHYs (git-fixes).
- usb: dwc2: gadget: don't try to disable ep0 in
dwc2_hsotg_suspend (git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook
OneXPlayer (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118
(git-fixes).
- commit cc7a24c
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- commit 9af94a7
- USB: gadget: validate interface OS descriptor requests
(CVE-2022-25258 bsc#1196095).
- commit 4c69367
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch
Also update blacklist
- commit 4f68062
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct
(bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Add RX context (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- commit 4a8e1e2
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
(bsc#1195506).
- commit c74c330
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- commit 8ef8f22
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- commit bcd3697
- powerpc/pseries: read the lpar name from the firmware
(bsc#1187716 ltc#193451).
- commit 181541b
- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
- commit c964381
- powerpc: add link stack flush mitigation status in debugfs
(bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- commit 5862a79
- powerpc: Set crashkernel offset to mid of RMA region
(bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit 11e3668
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
(bsc#1195012).
- commit 4d29ac4
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 73dbd5c
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected
(bsc#1195823).
- scsi: qla2xxx: Add devids and conditionals for 28xx
(bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
28XX adapters (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology
(bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
(bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error
(bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
(bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- commit c358f38
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
(bsc#1176447).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF
(git-fixes).
- RDMA/cma: Use correct address when leaving multicast group
(bsc#1181147).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(git-fixes).
- commit 679175c
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(git-fixes).
- commit 546d043
- tracing: Don't inc err_log entry count if entry allocation fails
(git-fixes).
- commit 5c45742
- tracing: Propagate is_signed to expression (git-fixes).
- commit a834cba
- blacklist.conf: b59f2f2b865c ("/tracing: Fix smatch warning for do while check in event_hist_trigger_parse()"/)
Cosmetic only.
- commit f0fcec9
- tracing: Fix smatch warning for null glob in
event_hist_trigger_parse() (git-fixes).
- commit 329e4ac
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 877b9c1
- f2fs: fix to do sanity check on inode type during garbage
collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- misc: fastrpc: avoid double fput() on failed usercopy
(git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init()
(git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs
(git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
transition (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields
(git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
(git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
(git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
Master (newer chipset) (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
X570 ALC1220 quirks (git-fixes).
- staging/fbtft: Fix backlight (git-fixes).
- commit 033cee4
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- commit 7b9eed7
- blacklist.conf: misattributed upstream
- commit f62cf37
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- commit a103972
- tipc: improve size validations for received domain records
(bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
(CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
bsc#1195905).
- commit 96dda76
- scsi: target: iscsi: Fix cmd abort fabric stop race
(bsc#1195286).
- commit 52d26b6
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- commit 3d90f3c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- commit c0baca0
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- commit 9308a14
- kernel-binary: Do not include sourcedir in certificate path.
The certs macro runs before build directory is set up so it creates the
aggregate of supplied certificates in the source directory.
Using this file directly as the certificate in kernel config works but
embeds the source directory path in the kernel config.
To avoid this symlink the certificate to the build directory and use
relative path to refer to it.
Also fabricate a certificate in the same location in build directory
when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- s390/protvirt: fix error return code in uv_info_init()
(jsc#SLE-22135).
- commit 7f8b088
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- commit 004f3c6
- KVM: s390: Return error on SIDA memop on normal guest
(bsc#1195516 CVE-2022-0516).
- commit d46602b
- ceph: set pool_ns in new inode layout for async creates
(bsc#1195799).
- ceph: properly put ceph_string reference after async create
attempt (bsc#1195798).
- commit 8f44ef0
- btrfs: make sure SB_I_VERSION doesn't get unset by remount (bsc#1192210).
- commit 9acc804
- s390/uv: fix prot virt host indication compilation
(jsc#SLE-22135).
- s390/uv: add prot virt guest/host indication files
(jsc#SLE-22135).
- commit f479d35
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- commit ea4d32b
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed
(bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode
(bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup
(bsc#1195211).
- commit d7995a2
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668
ltc#195811).
- commit 902d854
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit ccd41ed
- cgroup-v1: Require capabilities to set release_agent
(bsc#1195543 CVE-2022-0492).
- commit 413d689
- RDMA/ucma: Protect mc during concurrent multicast leaves
(bsc#1181147).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- net/mlx5e: Fix handling of wrong devices during bond netevent
(jsc#SLE-15172).
- gve: fix the wrong AdminQ buffer queue index check
(bsc#1176940).
- gve: Fix GFP flags when allocing pages (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- commit 6aa87c4
- Update patch reference for HD-audio fix (bsc#1183872)
- commit 1e16eaa
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
(git-fixes).
- commit 2492c7d
- mmc: sdhci-of-esdhc: Check for error num after setting mask
(git-fixes).
- ima: Do not print policy rule with inactive LSM labels
(git-fixes).
- ima: Allow template selection with ima_template[_fmt]= after
ima_hash= (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: check the return value of audit_log_start()
(git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- commit a8bf0cb
- RDMA/core: Always release restrack object (git-fixes)
- commit a4c74f1
- RDMA/siw: Release xarray entry (git-fixes)
- commit cfa201c
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- commit 06f1504
- blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers
- commit 2bfec1b
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
(git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- commit 5e3ed1a
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741
LTC#194816).
- commit 5aa085e
- usb: dwc3: don't set gadget->is_otg flag (git-fixes).
- commit 5b20187
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- commit af99987
- kernel-obs-build: include 9p (boo#1195353)
To be able to share files between host and the qemu vm of the build
script, the 9p and 9p_virtio kernel modules need to be included in
the initrd of kernel-obs-build.
- commit 0cfe67a
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
directory (bsc#1195051).
- commit c80b5de
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
tumbleweed rpm is adding these warnings to the log:
It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- commit 3ba8941
- build initrd without systemd
This reduces the size of the initrd by over 25%, which
improves startup time of the virtual machine by 0.5-0.6s on
very fast machines, more on slower ones.
- commit ef4c569
- Align s390 NVME target options with other architectures
(bsc#1188404, jsc#SLE-22494).
CONFIG_NVME_TARGET=m
CONFIG_NVME_TARGET_PASSTHRU=y
CONFIG_NVME_TARGET_LOOP=m
CONFIG_NVME_TARGET_RDMA=m
CONFIG_NVME_TARGET_FC=m
CONFIG_NVME_TARGET_FCLOOP=m
CONFIG_NVME_TARGET_TCP=m
- commit 5b2b9f6
- libqt5-qtbase
-
- Update patch after it was merged to dev upstream and fix another
place missed in the first version (boo#1195386, CVE-2022-23853,
boo#1196501, CVE-2022-25255):
* 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch
- Add patch to avoid unintentionally using binaries from CWD
(boo#1195386, CVE-2022-23853, boo#1196501, CVE-2022-25255):
* 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch
- libseccomp
-
- check if we have NR_openat2, avoid using its definition when not
(bsc#1196825)
Added seccomp-openat2.patch
- libzypp
-
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
- version 17.29.4 (22)
- mlocate
-
- require apparmor-abstractions, because apparmor.service fails with
Could not open 'tunables/global' error otherwise (bsc#1195144)
- open-iscsi
-
- Update to latest upstream, including test cleanup, minor
bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).
- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains
bug fixes and cleanups. See the Changelog for more details.
- openldap2
-
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- openssl-1_1
-
- Security Fix: [bsc#1196877, CVE-2022-0778]
* Infinite loop in BN_mod_sqrt() reachable when parsing certificates
* Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
* PAC pointer authentication signs the return address against the
value of the stack pointer, to prevent stack overrun exploits
from corrupting the control flow. The Poly1305 armv8 code got
this wrong, resulting in crashes on PAC capable hardware.
* Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
* Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
- pam
-
- Between allocating the variable "/ai"/ and free'ing them, there are
two "/return NO"/ were we don't free this variable. This patch
inserts freaddrinfo() calls before the "/return NO;"/s.
[bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
The variable is needed by systemd and others.
[bsc#1196093, macros.pam]
- pciutils
-
- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
(bsc#1192862)
- procps
-
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
ignore SIGURG
- protobuf
-
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
bsc#1195258
* Add protobuf-CVE-2021-22570.patch
- python-base
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
(bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
(bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- python-jsonschema
-
- Add patch to fix build with new webcolors:
* webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
* Added a format_nongpl setuptools extra, which installs only format
dependencies that are non-GPL (#619).
- specfile:
* be more explicit in %files section
* require python-importlib-metadata
- update to version 3.1.1:
* Temporarily revert the switch to js-regex until #611 and #612 are
resolved.
- changes from version 3.1.0:
* Regular expressions throughout schemas now respect the ECMA 262
dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
* Fixed a bug where 0 and False were considered equal by
const and enum
- from v3.0.1
* Fixed a bug where extending validators did not preserve their
notion of which validator property contains $id information.
- from v3.0.0
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions
(and overrides)
* Falling back to isodate for the date-time format checker is
no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions (and overrides)
* Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
- python-lxml
-
- With the new update to 4.7.1, the old Bugzilla entries are also
fixed:
- bsc#1118088 (related to CVE-2018-19787)
- bsc#1184177 (related to CVE-2021-28957)
- Update to 4.7.1 (officially released 2021-12-13)
Features added
- Chunked Unicode string parsing via parser.feed() now encodes the input
data to the native UTF-8 encoding directly, instead of going through
Py_UNICODE / wchar_t encoding first, which previously required duplicate
recoding in most cases.
Bugs fixed
- The standard namespace prefixes were mishandled during "/C14N2"/
serialisation
on Python 3.
See
https://mail.python.org/archives/list/lxml@python.org/thread/
6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
- lxml.objectify previously accepted non-XML numbers with underscores
(like "/1_000"/) as integers or float values in Python 3.6 and later.
It now adheres to the number format of the XML spec again.
- LP#1939031: Static wheels of lxml now contain the header files of zlib
and libiconv (in addition to the already provided headers of
libxml2/libxslt/libexslt).
Other changes
- Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
- Update to 4.7.0 (2021-12-13)
- Release retracted due to missing files in lxml/includes/.
- UPdate to 4.6.5 (2021-12-12)
Bugs fixed
- A vulnerability (GHSL-2021-1038) in the HTML cleaner
- allowed sneaking script content through SVG images
- (bnc#1193752, CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed
- sneaking script content through CSS imports and other crafted
- constructs (CVE-2021-43818).
- Update 4.6.4 (2021-11-01)
Features added
- GH#317: A new property system_url was added to DTD entities.
- Patch by Thirdegree.
- GH#314: The STATIC_* variables in setup.py can now be passed
- via env vars.
- Patch by Isaac Jurado.
- Update 4.6.3 (2021-03-21)
Bugs fixed
- A vulnerability (CVE-2021-28957) was discovered in the HTML
- Cleaner by Kevin Chung, which allowed JavaScript to pass through.
- The cleaner now removes the HTML5 formaction attribute.
- Update 4.6.2 (2020-11-26)
Bugs fixed
- A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML
Cleaner
- by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner
- now removes more sneaky "/style"/ content.
- Update 4.6.1 (2020-10-18)
Bugs fixed
- A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
- which allowed JavaScript to pass through. The cleaner now removes
- more sneaky "/style"/ content.
- Update 4.6.0 (2020-10-17)
Features added
- GH#310: lxml.html.InputGetter supports __len__() to count the number
- of input fields. Patch by Aidan Woolley.
- lxml.html.InputGetter has a new .items() method to ease processing
- all input fields.
- lxml.html.InputGetter.keys() now returns the field names in document
- order.
- GH-309: The API documentation is now generated using sphinx-apidoc.
- Patch by Chris Mayo.
Bugs fixed
- LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
- when a default namespace was defined.
- TreeBuilder.close() raised AssertionError in some error cases where
- it should have raised XMLSyntaxError. It now raises a combined
- exception to keep up backwards compatibility, while switching to
- XMLSyntaxError as an interface.
- Update 4.5.2 (2020-07-09)
Bugs fixed
- Cleaner() now validates that only known configuration options
- can be set.
- LP#1882606: Cleaner.clean_html() discarded comments and PIs
- regardless of the corresponding configuration option, if
- remove_unknown_tags was set.
- LP#1880251: Instead of globally overwriting the document loader
- in libxml2, lxml now sets it per parser run, which improves the
- interoperability with other users of libxml2 such as libxmlsec.
- LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
- The setup options "/--with-xml2-config"/ and "/--with-xslt-config"/
- were accidentally renamed to "/--xml2-config"/ and "/--xslt-config"/
- in 4.5.1 and are now available again.
- Update 4.5.1 (2020-05-19)
Bugs fixed
- LP#1570388: Fix failures when serialising documents larger than
- 2GB in some cases.
- LP#1865141, GH#298: QName values were not accepted by the
- el.iter() method. Patch by xmo-odoo.
- LP#1863413, GH#297: The build failed to detect libraries on Linux
- that are only configured via pkg-config. Patch by Hugh McMaster.
- Update 4.5.0 (2020-01-29)
Features added
- A new function indent() was added to insert tail whitespace for
- pretty-printing an XML tree.
Bugs fixed
- LP#1857794: Tail text of nodes that get removed from a document
using item deletion disappeared silently instead of sticking with
the node that was removed.
Other changes
- MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS
explicitly to override it.
- Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
- LP#1840234: The package version number is now available as
lxml.__version__.
- Update 4.4.3 (2020-01-28)
Bugs fixed
- LP#1844674: itertext() was missing tail text of comments and PIs
since 4.4.0.
- python3
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
* Support Expat >= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
OpenSSL (bpo#9425).
- salt
-
- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
* patch_for_cve_bsc1197417.patch
- sudo
-
- Add sudo-1.9.5p2-honor-T_opt.patch
* the -T option of sudo does nothing even when
'Defaults user_command_timeouts' is present in the configuration.
* [bsc#1193446]
* Credit to Jaroslav Jindrak <dzejrou@gmail.com>
- supportutils
-
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
+ Added command blkid #114
+ Added s390x specific files and output #115
+ Fix for invalid argument during updates (bsc#1193204)
+ Optimized conf_files, conf_files_text and log_cmd functions #118
+ Fixed iscsi initiator name (bsc#1195797)
+ Added rpcinfo -p output #116
+ Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
+ Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
+ Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
+ Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
+ Include 'multipath -t' output in mpio.txt #105
+ Improved lsblk readability with --ascsi #106
+ Removed duplicate commands in network.txt
+ Remove duplicate firewalld status output #109
- suse-build-key
-
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
- tcl
-
- New version 8.6.12:
* (bug)[d43f96] [string trim*] broken for Emoji
* (bug)[22324b] [string reverse] broken for Emoji
* (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
* (bug)[8419c5] Unix tty channels tolerate EINTR
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[4c591f] [string compare] EIAS violation
* (bug)[266494] [concat foo [list #]] EIAS violation
* (bug)[24b918] Save IO buffers from modern optimizers
* (new) support for POSIX error EILSEQ
* (bug)[688fcc] segfault during traced delete of alias
* (bug)[ccc448] segfault in ensemble rewrite machinery
* (new) Update to Unicode-14
* (bug)[a8579d] failed proc argument spec processing
* Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
* Add tcltest::(Setup|Eval|Cleanup|)Test
* Update to Unicode-13
* Add 3 libtommath functions to stub table
* Many more bug fixes
- Potentially incompatible changes:
* (bug)[ffeb20] [binary decode base64] ignore invalid chars
* (bug)[b8e82d] some -maxlen values break uuencode round trip
* (bug)[085913] Tcl_DStringAppendElement # quoting precision
* (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
* (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
* (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
* (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
* (new) force -eofchar 032 when evaluating library scripts
* (new)[48898a] improve error message consistency
* (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
supported, please use "/..."/: lib64 == lib64.
- New version: 8.6.10:
* (bug)[7a9dc5] [file normalize ~/~foo] segfault
* (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
* (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
obsoletes tcl-expand-regression.patch.
* (bug)[e3f481] tests var-1.2[01]
* (new) Update to Unicode 12.0
* (new)[TIP 527] New command [timerate]
* (bug)[39fed4] [package require] memory validity
* (new) New command tcl::unsupported::corotype
* (bug) memlink when namespace deletion kills linked var
* (new) README file converted to README.md in Markdown
* (bug)[8b9854] [info level 0] regression with ensembles
* (bug)[6bdadf] crash multi-arg write-traced [lappend]
* (bug)[f8a33c] crash Tcl_Exit before init
* (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
* (bug)[fec0c1] C stack overflow compiling bytecode
* tzdata updated to Olson's tzdata2019c
* (bug)[16768d] Fix [info hostname] on NetBSD
* (new) libtommath updated to release 1.2.0
* (bug)[bcd100] bad fs cache when system encoding changes
* (bug)[135804] segfault in [next] after destroy
* (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
propagation
- Use FAT LTO objects in order to provide proper static
library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
(tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
* NR-enable [package require]
* (bug)[9fd5c6] crash in object deletion, test oo-11.5
* (bug)[3c32a3] crash deleting object with class mixed in
* (platform) stop using -lieee, removed from glibc-2.27
(bsc#1179615, bsc#1181840).
* (bug)[8e6a9a] bad binary [string match], test string-11.55
* (bug)[1873ea] repair multi-thread std channel init
* (bug)[db36fa] broken bytecode for index values
* (bug) broken compiled [string replace], test string-14.19
* (bug) [string trim*] engine crashed on invalid UTF
* (bug) missing trace in compiled [array set], test var-20.11
* (bug)[46a241] crash in unset array with search, var-13.[23]
* (bug)[27b682] race made [file delete] raise "/no such file"/
* (bug)[925643] 32/64 cleanup of filesystem DIR operations
* (bug) leaks in TclSetEnv and env cache
* (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
* (bug)[270f78] race in [file mkdir]
* (bug)[3f7af0] [file delete] raised "/permission denied"/
* (bug)[d051b7] overflow crash in [format]
* revised quoting of [exec] args in generated command line
* HTTP Keep-Alive with pipelined requests
* (new)[TIP 505] [lreplace] accepts all out of range indices
* (bug) Prevent crash from NULL keyName in the registry package
* Update tcltest package for Travis support
* (bug)[35a8f1] overlong string length of some lists
* (bug)[00d04c] Repair [binary encode base64]
- Version 8.6.8:
* [array names -regexp] supports backrefs
* Fix gcc build failures due to #pragma placement
* (bug)[b50fb2] exec redir append stdout and stderr to file
* (bug)[2a9465] http state 100 continue handling broken
* (bug)[0e4d88] replace command, delete trace kills namespace
* (bug)[1a5655] [info * methods] includes mixins
* (bug)[fc1409] segfault in method cloning, oo-15.15
* (bug)[3298012] Stop crash when hash tables overflow 32 bits
* (bug)[5d6de6] Close failing case of [package prefer stable]
* (bug)[4f6a1e] Crash when ensemble map and list are same
* (bug)[ce3a21] file normalize failure when tail is empty
* (new)[TIP 477] nmake build system reform
* (bug)[586e71] EvalObjv exception handling at level #0
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
iwidgets (bsc#903017).
- tcpdump
-
- Security fix: [bsc#1195825, CVE-2018-16301]
* Fix segfault when handling large files
* Add tcpdump-CVE-2018-16301.patch
- timezone
-
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not -03-26*
* zdump -v now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
- update-alternatives
-
- break bash <-> update-alternatives cycle by coolo's rewrite
of %post in lua [bsc#1195654]
- util-linux
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
(bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- util-linux-systemd
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
(bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- xen
-
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output
Replace
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
by upstream backport
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
- Upstream bug fixes (bsc#1027519)
60782745-x86-AMD-split-LFENCE-setup.patch
6081bae4-x86-cpuid-LFENCE-always-serialising.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Update to Xen 4.14.4 bug fix release (bsc#1027519)
xen-4.14.4-testing-src.tar.bz2
- Drop patches contained in new tarball
6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
6138b7a2-x86-AMD-enum-speculative-hints.patch
6138b7a3-x86-AMD-use-newer-SSBD.patch
6139f1b1-x86-spec-ctrl-print-AMD-features.patch
6148453b-VT-d-hidden-devices-unmap.patch
6148455f-VT-d-PCI-segment-numbers-16-bits.patch
61532102-PCI-bridge-with-subord-bus-0xFF.patch
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
61655b5a-AMD-IOMMU-hidden-devices-flush.patch
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
618289da-x86-shstk-fix-with-XPTI-active.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
xsa393.patch
xsa394.patch
xsa395.patch
list not giving any output (see also bsc#1194267)
- yaml-cpp
-
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
yaml-cpp which cause DOS by stack consumption
(CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
- zlib
-
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
* bsc1197459.patch