- Mesa
-
- u_mesa-CVE-2023-45913.patch
* NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
(CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
* buffer over-read in glXQueryServerString()
(CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
* segmentation violation in __glXGetDrawableAttribute()
(CVE-2023-45922, bsc#1222042)
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- binutils
-
- Update to current 2.43.1 branch [PED-10474]:
* PR32109 - fuzzing problem
* PR32083 - LTO vs overridden common symbols
* PR32067 - crash with LTO-plugin and --oformat=binary
* PR31956 - LTO vs wrapper symbols
* riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks
- Allow to disable profiling
- Use %patch -P N instead of deprecated %patchN.
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- riscv-relro.patch: RISC-V: Protect .got with relro
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- cloud-regionsrv-client
-
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- kernel-default
-
- ACPICA: executer/exsystem: Don't nag user about every Stall()
violating the spec (git-fixes).
- ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE
(stable-fixes).
- commit f94e799
- cachefiles: fix dentry leak in cachefiles_open_file()
(bsc#1231183).
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231182).
- commit ba82da7
- can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into
mcp251xfd_chip_start/stop() (stable-fixes).
- Refresh
patches.suse/can-mcp251xfd-clarify-the-meaning-of-timestamp.patch.
- commit 6779985
- USB: serial: pl2303: add device id for Macrosilicon MS3020
(stable-fixes).
- powercap/intel_rapl: Add support for AMD family 1Ah
(stable-fixes).
- ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK)
(stable-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI
match less strict (stable-fixes).
- ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes).
- drm: komeda: Fix an issue related to normalized zpos
(stable-fixes).
- can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing
configuration (stable-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01
(git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes).
- hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING
(stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error
(stable-fixes).
- wifi: mac80211: free skb on error path in
ieee80211_beacon_get_ap() (stable-fixes).
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(stable-fixes).
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
(stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room()
(stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
(stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination
(stable-fixes).
- platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F
DMI match less strict (stable-fixes).
- pinctrl: at91: make it work with current gpiolib (stable-fixes).
- can: mcp251xfd: properly indent labels (stable-fixes).
- commit a530f31
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit fe88a62
- supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035)
- commit 59d03d7
- Refresh
patches.suse/bpf-kprobe-remove-unused-declaring-of-bpf_kprobe_override.patch.
- commit 5a0b269
- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
(git-fixes).
- commit 1884922
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit d5df75c
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit ceb524e
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit cc6d7b5
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- i2c: designware: fix controller is holding SCL low while ENABLE
bit is disabled (git-fixes).
- drm/amd/display: handle nulled pipe context in DCE110's
set_drr() (git-fixes).
- drm/amdgpu: Fix get each xcp macro (git-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not
exist (git-fixes).
- cxl/pci: Fix to record only non-zero ranges (git-fixes).
- ata: libata-scsi: Fix ata_msense_control() CDL page reporting
(git-fixes).
- firmware_loader: Block path traversal (git-fixes).
- driver core: Fix a potential null-ptr-deref in
module_add_driver() (git-fixes).
- driver core: Fix error handling in driver API device_rename()
(git-fixes).
- ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate()
(git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors
(git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding
mutexes (git-fixes).
- ABI: testing: fix admv8818 attr description (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the
documentation (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges
(git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial
(git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings
(git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and
freeing them (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- spi: atmel-quadspi: Avoid overwriting delay register settings
(git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
(git-fixes).
- spi: atmel-quadspi: Undo runtime PM changes at driver exit time
(git-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path
(git-fixes).
- i3c: master: svc: Fix use after free vulnerability in
svc_i3c_master Driver Due to Race Condition (git-fixes).
- remoteproc: k3-r5: Fix error handling when power-up failed
(git-fixes).
- remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes).
- remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes).
- KEYS: prevent NULL pointer dereference in find_asymmetric_key()
(git-fixes).
- media: i2c: ar0521: Use cansleep version of gpiod_set_value()
(git-fixes).
- media: ov5675: Fix power on/off delay timings (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev
(git-fixes).
- media: platform: rzg2l-cru: rzg2l-csi2: Add missing
MODULE_DEVICE_TABLE (git-fixes).
- media: venus: fix use after free bug in venus_remove due to
race condition (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
(git-fixes).
- clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes).
- watchdog: imx_sc_wdt: Don't disable WDT in suspend (git-fixes).
- pinctrl: single: fix missing error code in pcs_probe()
(git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- commit c5ab3ca
- Move upstreamed SCSI patches into sorted section
- commit aba5747
- kcm: Serialise kcm_sendmsg() for the same socket (CVE-2024-44946
bsc#1230015).
- commit 4310760
- nvme-multipath: avoid hang on inaccessible namespaces
(bsc#1228244).
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946,bsc#1230015).
- commit a84ca87
- nvme-multipath: system fails to create generic nvme device
(bsc#1228244).
- commit 4fc57d2
- erofs: fix incorrect symlink detection in fast symlink
(git-fixes).
- commit 2e1ae75
- afs: Don't cross .backup mountpoint from backup volume
(git-fixes).
- commit f35dae1
- afs: Revert "afs: Hide silly-rename files from userspace"
(git-fixes).
- commit 11353bb
- scsi: sd: Fix off-by-one error in
sd_read_block_characteristics() (bsc#1223848).
- commit 621f2fb
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- commit af0ff0f
- drm/amd/display: Check denominator crb_pipes before used (CVE-2024-46772 bsc#1230772)
- commit 322be4a
- blacklist.conf: CVE-2024-46727 bsc#1230707: not applicable
No OTG code and all return values from
resource_get_otg_master_for_stream() are checked before use.
- commit f44b1e7
- arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes
(git-fixes).
- commit 642d7e6
- arm64: dts: imx8-ss-dma: Fix adc0 closing brace location
(git-fixes).
- commit 970cc49
- arm64: dts: rockchip: Correct vendor prefix for Hardkernel
ODROID-M1 (git-fixes).
- commit 87f0ae6
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight
PWM frequency (git-fixes).
- commit 1582b94
- arm64: dts: rockchip: Correct the Pinebook Pro battery design
capacity (git-fixes).
- commit 3b2ebbf
- arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount
to 4GB (git-fixes).
- commit 1059c29
- arm64: signal: Fix some under-bracketed UAPI macros (git-fixes).
- commit 9704ff3
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (git-fixes).
- commit 6052a8c
- arm64: dts: rockchip: fix eMMC/SPI corruption when audio has
been used on RK3399 Puma (git-fixes).
- commit 8b3743b
- Update
patches.suse/powerpc-pseries-make-max-polling-consistent-for-long.patch
(bsc#1215199 jsc#PED-10954).
- Update
patches.suse/security-integrity-fix-pointer-to-ESL-data-and-.patch
(bsc#1012628 jsc#PED-5085 jsc#PED-10954).
- commit ec9be2c
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (git-fixes).
- commit 7527015
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- commit 42389f0
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
Move patch into the sorted section.
- commit 77cf6fc
- Update patches.suse/ALSA-line6-Fix-racy-access-to-midibuf.patch
(stable-fixes CVE-2024-44954 bsc#1230176).
- Update
patches.suse/ASoC-dapm-Fix-UAF-for-snd_soc_pcm_runtime-object.patch
(git-fixes CVE-2024-46798 bsc#1230830).
- Update
patches.suse/Bluetooth-btnxpuart-Fix-Null-pointer-dereference-in-.patch
(stable-fixes CVE-2024-46749 bsc#1230780).
- Update
patches.suse/Bluetooth-btnxpuart-Shutdown-timer-and-prevent-rearm.patch
(stable-fixes CVE-2024-44962 bsc#1230213).
- Update
patches.suse/HID-amd_sfh-free-driver_data-after-destroying-hid-de.patch
(stable-fixes CVE-2024-46746 bsc#1230751).
- Update
patches.suse/HID-cougar-fix-slab-out-of-bounds-Read-in-cougar_rep.patch
(stable-fixes CVE-2024-46747 bsc#1230752).
- Update patches.suse/Input-MT-limit-max-slots.patch (stable-fixes
CVE-2024-45008 bsc#1230248).
- Update
patches.suse/Input-uinput-reject-requests-with-unreasonable-numbe.patch
(stable-fixes CVE-2024-46745 bsc#1230748).
- Update
patches.suse/KVM-arm64-Make-ICC_-SGI-_EL1-undef-in-the-absence-of.patch
(git-fixes CVE-2024-46707 bsc#1230582).
- Update
patches.suse/KVM-s390-fix-validity-interception-issue-when-gisa-is-switched-off.patch
(git-fixes bsc#1229167 CVE-2024-45005 bsc#1230173).
- Update
patches.suse/PCI-Add-missing-bridge-lock-to-pci_bus_lock.patch
(stable-fixes CVE-2024-46750 bsc#1230783).
- Update
patches.suse/Squashfs-sanity-check-symbolic-link-size.patch
(git-fixes CVE-2024-46744 bsc#1230747).
- Update
patches.suse/VMCI-Fix-use-after-free-when-removing-resource-in-vm.patch
(git-fixes CVE-2024-46738 bsc#1230731).
- Update
patches.suse/bpf-Fix-a-kernel-verifier-crash-in-stacksafe.patch
(bsc#1225903 CVE-2024-45020 bsc#1230433).
- Update
patches.suse/btrfs-fix-race-between-direct-IO-write-and-fsync-whe.patch
(git-fixes CVE-2024-46734 bsc#1230726).
- Update
patches.suse/can-bcm-Remove-proc-entry-when-dev-is-unregistered.patch
(git-fixes CVE-2024-46771 bsc#1230766).
- Update
patches.suse/can-mcp251x-fix-deadlock-if-an-interrupt-occurs-duri.patch
(git-fixes CVE-2024-46791 bsc#1230821).
- Update
patches.suse/char-xillybus-Check-USB-endpoints-when-probing-devic.patch
(git-fixes CVE-2024-45011 bsc#1230440).
- Update
patches.suse/char-xillybus-Don-t-destroy-workqueue-from-work-item.patch
(stable-fixes CVE-2024-45007 bsc#1230175).
- Update
patches.suse/dmaengine-altera-msgdma-properly-free-descriptor-in-.patch
(stable-fixes CVE-2024-46716 bsc#1230715).
- Update
patches.suse/driver-core-Fix-uevent_show-vs-driver-detach-race.patch
(git-fixes CVE-2024-44952 bsc#1230178).
- Update
patches.suse/driver-iio-add-missing-checks-on-iio_info-s-callback.patch
(stable-fixes CVE-2024-46715 bsc#1230700).
- Update
patches.suse/drm-amd-display-Assign-linear_pitch_alignment-even-f.patch
(stable-fixes CVE-2024-46732 bsc#1230711).
- Update
patches.suse/drm-amd-display-Check-UnboundedRequestEnabled-s-valu.patch
(stable-fixes CVE-2024-46778 bsc#1230776).
- Update
patches.suse/drm-amd-display-Check-denominator-pbn_div-before-use.patch
(stable-fixes CVE-2024-46773 bsc#1230791).
- Update
patches.suse/drm-amd-display-Check-index-for-aux_rd_interval-befo.patch
(stable-fixes CVE-2024-46728 bsc#1230703).
- Update
patches.suse/drm-amd-display-Ensure-array-index-tg_inst-won-t-be-.patch
(stable-fixes CVE-2024-46730 bsc#1230701).
- Update
patches.suse/drm-amd-display-Ensure-index-calculation-will-not-ov.patch
(stable-fixes CVE-2024-46726 bsc#1230706).
- Update
patches.suse/drm-amd-display-Run-DC_LOG_DC-after-checking-link-li.patch
(stable-fixes CVE-2024-46776 bsc#1230775).
- Update
patches.suse/drm-amd-display-Skip-wbscl_set_scaler_filter-if-filt.patch
(stable-fixes CVE-2024-46714 bsc#1230699).
- Update
patches.suse/drm-amd-display-avoid-using-null-object-of-framebuff.patch
(git-fixes CVE-2024-46694 bsc#1230511).
- Update
patches.suse/drm-amd-pm-fix-the-Out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46731 bsc#1230709).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-read-of-df_v1_7_channel.patch
(stable-fixes CVE-2024-46724 bsc#1230725).
- Update
patches.suse/drm-amdgpu-Fix-out-of-bounds-write-warning.patch
(stable-fixes CVE-2024-46725 bsc#1230705).
- Update
patches.suse/drm-amdgpu-Forward-soft-recovery-errors-to-userspace.patch
(stable-fixes CVE-2024-44961 bsc#1230207).
- Update patches.suse/drm-amdgpu-Validate-TA-binary-size.patch
(stable-fixes CVE-2024-44977 bsc#1230217).
- Update
patches.suse/drm-amdgpu-fix-dereference-after-null-check.patch
(stable-fixes CVE-2024-46720 bsc#1230724).
- Update
patches.suse/drm-amdgpu-fix-mc_data-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46722 bsc#1230712).
- Update
patches.suse/drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch
(stable-fixes CVE-2024-46723 bsc#1230702).
- Update
patches.suse/drm-mgag200-Bind-I2C-lifetime-to-DRM-device.patch
(git-fixes CVE-2024-44967 bsc#1230224).
- Update
patches.suse/drm-msm-dpu-cleanup-FB-if-dpu_format_populate_layout.patch
(git-fixes CVE-2024-44982 bsc#1230204).
- Update
patches.suse/drm-msm-dpu-move-dpu_encoder-s-connector-assignment-.patch
(git-fixes CVE-2024-45015 bsc#1230444).
- Update
patches.suse/drm-vmwgfx-Fix-prime-with-external-buffers.patch
(git-fixes CVE-2024-46709 bsc#1230539).
- Update
patches.suse/fs-netfs-fscache_cookie-add-missing-n_accesses-check.patch
(bsc#1229455 CVE-2024-45000 bsc#1230170).
- Update
patches.suse/fscache-delete-fscache_cookie_lru_timer-when-fscache-.patch
(bsc#1230602 CVE-2024-46786 bsc#1230813).
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229456 CVE-2024-44947).
- Update
patches.suse/hwmon-adc128d818-Fix-underflows-seen-when-writing-li.patch
(stable-fixes CVE-2024-46759 bsc#1230814).
- Update
patches.suse/hwmon-lm95234-Fix-underflows-seen-when-writing-limit.patch
(stable-fixes CVE-2024-46758 bsc#1230812).
- Update
patches.suse/hwmon-nct6775-core-Fix-underflows-seen-when-writing-.patch
(stable-fixes CVE-2024-46757 bsc#1230809).
- Update
patches.suse/hwmon-w83627ehf-Fix-underflows-seen-when-writing-lim.patch
(stable-fixes CVE-2024-46756 bsc#1230806).
- Update
patches.suse/media-dvb-usb-v2-af9035-Fix-null-ptr-deref-in-af9035.patch
(git-fixes CVE-2023-52915 bsc#1230270).
- Update
patches.suse/misc-fastrpc-Fix-double-free-of-buf-in-error-path.patch
(git-fixes CVE-2024-46741 bsc#1230749).
- Update
patches.suse/mmc-mmc_test-Fix-NULL-dereference-on-allocation-fail.patch
(git-fixes CVE-2024-45028 bsc#1230450).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/net-ethernet-mtk_wed-fix-use-after-free-panic-in-mtk.patch
(git-fixes CVE-2024-44997 bsc#1230232).
- Update
patches.suse/net-mana-Fix-RX-buf-alloc_size-alignment-and-atomic-.patch
(bsc#1229086 CVE-2024-45001 bsc#1230244).
- Update
patches.suse/net-phy-Fix-missing-of_node_put-for-leds.patch
(git-fixes CVE-2024-46767 bsc#1230787).
- Update
patches.suse/nfc-pn533-Add-poll-mod-list-filling-check.patch
(git-fixes CVE-2024-46676 bsc#1230535).
- Update
patches.suse/nilfs2-fix-missing-cleanup-on-rollforward-recovery-error.patch
(git-fixes CVE-2024-46781 bsc#1230768).
- Update
patches.suse/nilfs2-protect-references-to-superblock-parameters-exposed-in-sysfs.patch
(git-fixes CVE-2024-46780 bsc#1230808).
- Update
patches.suse/nouveau-firmware-use-dma-non-coherent-allocator.patch
(git-fixes CVE-2024-45012 bsc#1230441).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/pci-hotplug-pnv_php-Fix-hotplug-driver-crash-on-Powe.patch
(stable-fixes CVE-2024-46761 bsc#1230761).
- Update patches.suse/perf-Fix-event-leak-upon-exit.patch
(git-fixes CVE-2024-43870 bsc#1229494).
- Update
patches.suse/pinctrl-single-fix-potential-NULL-dereference-in-pcs.patch
(git-fixes CVE-2024-46685 bsc#1230515).
- Update
patches.suse/powerpc-qspinlock-Fix-deadlock-in-MCS-queue.patch
(bac#1230295 ltc#206656 CVE-2024-46797 bsc#1230831).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update
patches.suse/s390-dasd-fix-error-recovery-leading-to-data-corruption-on-ESE-devices.patch
(git-fixes bsc#1229452 CVE-2024-45026 bsc#1230454).
- Update
patches.suse/s390-sclp-Prevent-release-of-buffer-in-I-O.patch
(git-fixes bsc#1229169 CVE-2024-44969 bsc#1230200).
- Update
patches.suse/soc-qcom-cmd-db-Map-shared-memory-as-WC-not-WB.patch
(git-fixes CVE-2024-46689 bsc#1230524).
- Update
patches.suse/thunderbolt-Mark-XDomain-as-unplugged-when-router-is.patch
(stable-fixes CVE-2024-46702 bsc#1230589).
- Update
patches.suse/tty-serial-fsl_lpuart-mark-last-busy-before-uart_add.patch
(git-fixes CVE-2024-46706 bsc#1230580).
- Update
patches.suse/usb-dwc3-core-Prevent-USB-core-invalid-event-buffer-.patch
(stable-fixes CVE-2024-46675 bsc#1230533).
- Update
patches.suse/usb-dwc3-st-fix-probed-platform-device-ref-count-on-.patch
(git-fixes CVE-2024-46674 bsc#1230507).
- Update
patches.suse/usb-gadget-core-Check-for-unset-descriptor.patch
(git-fixes CVE-2024-44960 bsc#1230191).
- Update
patches.suse/usb-typec-ucsi-Fix-null-pointer-dereference-in-trace.patch
(stable-fixes CVE-2024-46719 bsc#1230722).
- Update
patches.suse/wifi-brcmfmac-cfg80211-Handle-SSID-based-pmksa-delet.patch
(git-fixes CVE-2024-46672 bsc#1230459).
- Update
patches.suse/wifi-mwifiex-Do-not-return-unused-priv-in-mwifiex_ge.patch
(stable-fixes CVE-2024-46755 bsc#1230802).
- Update
patches.suse/wifi-rtw88-usb-schedule-rx-work-after-everything-is-.patch
(stable-fixes CVE-2024-46760 bsc#1230753).
- Update
patches.suse/x86-mm-Fix-pti_clone_pgtable-alignment-assumption.patch
(git-fixes CVE-2024-44965 bsc#1230221).
- Update
patches.suse/x86-mtrr-Check-if-fixed-MTRRs-exist-before-saving-them.patch
(git-fixes CVE-2024-44948 bsc#1230174).
- Update
patches.suse/xhci-Fix-Panther-point-NULL-pointer-deref-at-full-sp.patch
(git-fixes CVE-2024-45006 bsc#1230247).
- commit 6da06c4
- Update patches.suse/gfs2-Fix-NULL-pointer-dereference-in-gfs2_log_flush.patch (bsc#1230948)
- commit 90a5b1b
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit a236c90
- cachefiles: Fix non-taking of sb_writers around set/removexattr
(bsc#1231008).
- commit 1b01b3e
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- commit a6683f0
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- Refresh
patches.suse/PCI-dwc-endpoint-Introduce-.pre_init-and-.deinit.patch.
- commit 34c9950
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: qcom-ep: Enable controller resources like PHY only after
refclk is available (git-fixes).
- PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
(git-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
(git-fixes).
- PCI: imx6: Fix missing call to phy_power_off() in error handling
(git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe
(git-fixes).
- PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main"
IRQ (git-fixes).
- PCI: Wait for Link before restoring Downstream Buses
(git-fixes).
- commit 1528eee
- WIP DO NOT PUSH btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (CVE-2024-46687 bsc#1230518)
- commit 17b4a47
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- commit 9f477b0
- net: ip_tunnel: prevent perpetual headroom growth
(CVE-2024-26804 bsc#1222629).
- commit 0ca3b23
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- commit 45cee3b
- blacklist.conf: too risky
- commit f0e13c3
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync
(git-fixes).
- commit e5e587b
- Input: tsc2004/5 - fix reset handling on probe (git-fixes).
- commit 1366de4
- Input: tsc2004/5 - do not hard code interrupt trigger
(git-fixes).
- commit 110dbdb
- Input: tsc2004/5 - use device core to create driver-specific
device attributes (git-fixes).
- commit 958966c
- Input: adp5588-keys - fix check on return code (git-fixes).
- commit d15133c
- drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704 CVE-2024-46729)
- commit 55d78a7
- RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes)
- commit d7bebcf
- RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes)
- commit b0aa848
- RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes)
- commit 6800d7e
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- commit dcf63e1
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit 23d3195
- RDMA/mlx5: Obtain upper net device only when needed (git-fixes)
- commit ca2d8dc
- RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes)
- commit 4481358
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- commit 7afe440
- RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes)
- commit 25e36c2
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- commit a18704a
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- commit 7b15e64
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- commit 60eb35c
- RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes)
- commit 3ab1ca2
- RDMA/hns: Don't modify rq next block addr in HIP09 QPC (git-fixes)
- commit 7100eb8
- RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes)
- commit 914ed66
- RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes)
- commit 60e75bb
- RDMA/erdma: Return QP state in erdma_query_qp (git-fixes)
- commit 09a59c3
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- commit 38bf526
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- commit c4f28a8
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit 0456b72
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 4cb7201
- blacklist.conf: add one for clang and one PCI git-fixes
- commit b26aea4
- Revert "PCI: Extend ACS configurability (bsc#1228090)." (bsc#1229019)
This reverts commit 571e4310e81312c847a5caee7e45e66aeea2a169. It breaks
ACS on certain platforms. Even 6.11 is affected. So drop for now and
investigate.
- commit 3b92a44
- blacklist.conf: CVE-2024-44972 bsc#1230212: not applicable
Subpage code exists but zoned mode is not enabled being hidden behind
CONFIG_BTRFS_DEBUG.
- commit ed17920
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit 3e3b2cb
- blacklist.conf: kABI
- commit 05421bb
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- commit 62ef4d1
- media: qcom: camss: Remove use_count guard in stop_streaming
(git-fixes).
- commit ef85228
- Revert "media: tuners: fix error return code of
hybrid_tuner_request_state()" (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (git-fixes).
- commit 48dc3a9
- net: bridge: xmit: make sure we have at least eth header len
bytes (CVE-2024-38538 bsc#1226606).
- commit 2548071
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
(bsc#1226666).
- commit dbae63e
- xen/swiotlb: fix allocated size (git-fixes).
- commit 199871d
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- commit 0ffbc04
- xen: tolerate ACPI NVS memory overlapping with Xen allocated
memory (bsc#1226003).
- commit 3dc14d8
- xen: allow mapping ACPI data using a different physical address
(bsc#1226003).
- commit 0928eec
- x86/tdx: Fix data leak in mmio_read() (CVE-2024-46794 bsc#1230825)
- commit 9a2a1c2
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit eb9d143
- nvme: fix namespace removal list (git-fixes).
- commit b45d192
- ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (CVE-2024-46735 bsc#1230727)
- commit 23e039f
- Update references for patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit 8ce7f58
- xen: add capability to remap non-RAM pages to different PFNs
(bsc#1226003).
- commit 47109fd
- net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717 bsc#1230719)
- commit d6a30a9
- xen: move max_pfn in xen_memory_setup() out of function scope
(bsc#1226003).
- commit 2750357
- xen: move checks for e820 conflicts further up (bsc#1226003).
- commit 191a602
- xen: introduce generic helper checking for memory map conflicts
(bsc#1226003).
- commit eb57cec
- xen: use correct end address of kernel for conflict checking
(bsc#1226003).
- commit c40fc6b
- scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429
jsc#PED-9899).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429
jsc#PED-9899).
- scsi: lpfc: Update PRLO handling in direct attached topology
(bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct
attached topology (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag
(bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Validate hdwq pointers before dereferencing in
reset/errata paths (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Remove redundant vport assignment when building
an abort request (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Change diagnostic log flag during receipt of
unknown ELS cmds (bsc#1229429 jsc#PED-9899).
- scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899).
- commit 18ec475
- drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540 CVE-2024-46710)
- commit 84f019d
- nvme-tcp: fix link failure for TCP auth (git-fixes).
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: allocate tagset on reset if necessary (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme: use srcu for iterating namespace list (git-fixes).
Refresh:
- patches.suse/nvme-tcp-sanitize-tls-key-handling.patch
- nvmet-rdma: fix possible bad dereference when freeing rsps
(git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvme: clear caller pointer on identify failure (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- commit 7382ad4
- Update
patches.suse/KVM-arm64-vgic-v2-Check-for-non-NULL-vCPU-in-vgic_v2.patch
(git-fixes CVE-2024-36953 bsc#1225812).
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit c9c3b6f
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(git-fixes).
- commit cc0f59d
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- commit 3244e52
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
(git-fixes).
- commit 90f4e49
- media: mtk-vcodec: potential null pointer deference in SCP (CVE-2024-40973 bsc#1227890)
- commit ce5074d
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- btrfs: reduce nesting for extent processing at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove superfluous metadata check at
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: replace BUG_ON() with error handling at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: simplify setting the full backref flag at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- btrfs: remove NULL transaction support for
btrfs_lookup_extent_info() (bsc#1230794 CVE-2024-46752).
- btrfs: remove level argument from btrfs_set_block_flags
(bsc#1230794 CVE-2024-46752).
- commit a1c1176
- btrfs: send: allow cloning non-aligned extent if it ends at
i_size (bsc#1230854).
- commit e9cad4b
- blacklist.conf: kABI
- commit 5244a06
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- commit 1f37ac4
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit b7bf7eb
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit e2cb129
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit b463b02
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- commit d948d87
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 300f40a
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs
(git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery
occurs (git-fixes).
- resource: fix region_intersects() vs add_memory_driver_managed()
(git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
(git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/msm/dsi: correct programming sequence for SM8350 / SM8450
(git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check
(git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage
(git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume
(git-fixes).
- drm/msm/a5xx: disable preemption in submits by default
(git-fixes).
- drm/msm: Fix incorrect file name output in adreno_request_fw()
(git-fixes).
- drm/mediatek: ovl_adaptor: Add missing of_node_put()
(git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue
(git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track
offsets (git-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amd/display: Add null check for set_output_gamma in
dcn30_set_output_transfer_func (git-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/radeon: fix null pointer dereference in
radeon_add_common_modes (git-fixes).
- drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get
(git-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in
drm_bridge_funcs::mode_valid() (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
(git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066
(git-fixes).
- drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc()
(git-fixes).
- drm/stm: Fix an error handling path in stm_drm_platform_probe()
(git-fixes).
- ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense
data (git-fixes).
- HID: wacom: Do not warn about dropped packets for first packet
(git-fixes).
- HID: wacom: Support sequence numbers smaller than 16-bit
(git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- ipmi: docs: don't advertise deprecated sysfs entries
(git-fixes).
- commit b4e4911
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit a155846
- firmware: qcom: scm: Mark get_wq_ctx() as atomic call (CVE-2024-46692 bsc#1230520)
- commit ee65da0
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit 49aab2b
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit 9cdd14b
- blacklist.conf: CVE-2024-46711 bsc#1230542: code partially present, fix part of refactoring and fix series
The patch to backport is one in a number of about 30 patches refactoring
and reworking MPTCP subflow handling. Several other patches are needed
just to apply it cleanly but also change some of the logic where the
actual fix would apply.
- commit 1a03613
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556)
- commit 68643d1
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit bfb799a
- xfs: restrict when we try to align cow fork delalloc to cowextsz
hints (git-fixes).
- commit 96ac1b7
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()
(bsc#1227885).
- commit bf3362b
- Replace git-fixes tag by bsc#1226507,
patches.suse/md-Don-t-wait-for-MD_RECOVERY_NEEDED-for-HOT_REMOVE_DISK-ioctl-a1fd.patch
(bsc#1226507).
- commit b04e0cb
- closures: Change BUG_ON() to WARN_ON() (bsc#1229004,
CVE-2024-42252).
- commit 84b7984
- clk: Add a devm variant of clk_rate_exclusive_get()
(bsc#1227885).
- commit b6fb747
- r8152: add vendor/device ID pair for D-Link DUB-E250
(git-fixes).
- Refresh
patches.suse/r8152-add-vendor-device-ID-pair-for-ASUS-USB-C2500.patch.
- commit 0c077ab
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(git-fixes).
- commit 591cebb
- usbnet: ipheth: do not stop RX on failing RX callback
(git-fixes).
- commit c58c483
- usbnet: ipheth: drop RX URBs with no payload (git-fixes).
- commit 73a78e2
- KVM: arm64: Disallow copying MTE to guest memory while KVM is
dirty logging (git-fixes).
- commit 3cf4c02
- usbnet: ipheth: remove extraneous rx URB length check
(git-fixes).
- commit 507443a
- usbnet: ipheth: add CDC NCM support (git-fixes).
- commit 1bf1d1e
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags
hits ZONE_DEVICE (git-fixes).
- commit 64bccd6
- usbnet: ipheth: transmit URBs without trailing padding
(git-fixes).
- usbnet: ipheth: fix risk of NULL pointer deallocation
(git-fixes).
- commit d804072
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe
hyp init (git-fixes).
- commit 30df9d2
- drm/amd/display: Solve mst monitors blank out problem after
resume (git-fixes).
- commit cd94b30
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- commit 1a471dd
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
(git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits
(git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value
(git-fixes).
- mtd: slram: insert break after errors in parsing the map
(git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute
(git-fixes).
- power: supply: Drop use_cnt check from
power_supply_property_is_writeable() (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/
no current sense (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max
voltage (git-fixes).
- pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amd/display: Avoid race between dcn10_set_drr() and
dc_state_destruct() (git-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(stable-fixes).
- Input: ads7846 - ratelimit the spi_sync error message
(stable-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name
(stable-fixes).
- scripts: kconfig: merge_config: config files: add a trailing
newline (stable-fixes).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (stable-fixes).
- platform/surface: aggregator_registry: Add Support for Surface
Pro 10 (stable-fixes).
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- drm/mediatek: Set sensible cursor width/height values to fix
crash (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
(stable-fixes).
- wifi: mt76: mt7921: fix NULL pointer access in
mt7921_ipv6_addr_change (stable-fixes).
- net: phy: vitesse: repair vsc73xx autonegotiation
(stable-fixes).
- cxl/core: Fix incorrect vendor debug UUID define (git-fixes).
- drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes).
- drm/amd/display: Defer handling mst up request in resume
(stable-fixes).
- drm/amd/display: Disable error correction if it's not supported
(stable-fixes).
- commit 040b0ea
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
(bsc#1227885 CVE-2024-40965).
- commit abb755c
- x86/mm/ident_map: Use gbpages only where full GB page should
be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
kernel (bsc#1220382).
- commit 26eab5b
- Move upstreamed nvme patches into sorted section
- commit 1e42d2f
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
(git-fixes).
- commit 1cec71a
- ASoC: meson: Remove unused declartion in header file
(git-fixes).
- ASoC: soc-ac97: Fix the incorrect description (git-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer
the error (git-fixes).
- ASoC: tas2781-i2c: Get the right GPIO line (git-fixes).
- ASoC: cs42l42: Convert comma to semicolon (git-fixes).
- ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer
the error (git-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- selftests: lib: remove strscpy test (git-fixes).
- scripts: sphinx-pre-install: remove unnecessary double check
for $cur_version (git-fixes).
- Documentation: ioctl: document 0x07 ioctl code (git-fixes).
- module: Fix KCOV-ignored file name (git-fixes).
- reset: k210: fix OF node leak in probe() error path (git-fixes).
- reset: berlin: fix OF node leak in probe() error path
(git-fixes).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
(git-fixes).
- firmware: arm_scmi: Fix double free in OPTEE transport
(git-fixes).
- soc: versatile: integrator: fix OF node leak in probe() error
path (git-fixes).
- memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes).
- memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: meson-spicc: convert comma to semicolon (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- regulator: core: Fix regulator_is_supported_voltage() kerneldoc
return value (git-fixes).
- regulator: core: Fix short description for
_regulator_check_status_enabled() (git-fixes).
- regulator: Return actual error in of_regulator_bulk_get_all()
(git-fixes).
- regulator: rt5120: Convert comma to semicolon (git-fixes).
- regulator: wm831x-isink: Convert comma to semicolon (git-fixes).
- clocksource/drivers/qcom: Add missing iounmap() on errors in
msm_dt_timer_init() (git-fixes).
- commit 994b020
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails
appropriately (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in
tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- crypto: ccp - do not request interrupt on cmd completion when
irqs disabled (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev
PLATFORM_STATUS failure (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in
cctrng_resume (git-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in
bcm2835_rng_init (git-fixes).
- crypto: iaa - Fix potential use after free bug (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- can: m_can: m_can_close(): stop clocks after device has been
shut down (git-fixes).
- can: m_can: enable NAPI before enabling interrupts (git-fixes).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
(git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer
(git-fixes).
- Bluetooth: hci_sync: Ignore errors from
HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED
(git-fixes).
- wifi: mt76: mt7925: fix a potential array-index-out-of-bounds
issue for clc (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value
(git-fixes).
- wifi: mt76: mt7921: Check devm_kasprintf() returned value
(git-fixes).
- wifi: mt76: mt7915: check devm_kasprintf() returned value
(git-fixes).
- wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality
(git-fixes).
- wifi: mt76: mt7603: fix mixed declarations and code (git-fixes).
- wifi: mt76: connac: fix checksum offload fields of connac3 RXD
(git-fixes).
- wifi: mt76: mt7996: fix NULL pointer dereference in
mt7996_mcu_sta_bfer_he (git-fixes).
- wifi: mt76: mt7996: fix EHT beamforming capability check
(git-fixes).
- wifi: mt76: mt7996: fix HE and EHT beamforming capabilities
(git-fixes).
- wifi: mt76: mt7996: fix wmm set of station interface to 3
(git-fixes).
- wifi: mt76: mt7996: fix traffic delay when switching back to
working channel (git-fixes).
- wifi: mt76: mt7996: use hweight16 to get correct tx antenna
(git-fixes).
- wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the
channel usage (git-fixes).
- wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in
wilc_parse_join_bss_param (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in
ieee80211_do_stop() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one
errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
(git-fixes).
- wifi: mac80211: fix the comeback long retry times (git-fixes).
- wifi: cfg80211: fix bug of mapping AF3x to incorrect User
Priority (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging
measurements (git-fixes).
- wifi: mac80211: don't use rate mask for offchannel TX either
(git-fixes).
- wifi: ath12k: fix invalid AMPDU factor calculation in
ath12k_peer_assoc_h_he() (git-fixes).
- wifi: ath12k: match WMI BSS chan info structure with firmware
definition (git-fixes).
- wifi: ath12k: fix BSS chan info request WMI command (git-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries
(git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts
(git-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: brcmfmac: introducing fwil query functions (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- commit ffce0ad
- net: tighten bad gso csum offset check in virtio_net_hdr
(git-fixes).
- commit 6b94c45
- blacklist.conf: add 840b2d39a2dc ("virtio_ring: fix KMSAN error for premapped mode")
- commit 2b97440
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE
and MSR_GS_BASE (git-fixes).
- commit aeba695
- blacklist.conf: add 611ff1b1ae98 ("xen: privcmd: Fix possible access to a freed kirqfd instance")
- commit d91e53f
- fscache: delete fscache_cookie_lru_timer when fscache exits
to avoid UAF (bsc#1230602).
- commit d2c95a5
- Update
patches.suse/virtio_net-Fix-napi_skb_cache_put-warning.patch
(git-fixes CVE-2024-43835 bsc#1229289).
- commit b9542fb
- x86/hyperv: fix kexec crash due to VP assist page corruption
(git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description
(git-fixes).
- commit c60d936
- Update references
patches.suse/selinux-smack-don-t-bypass-permissions-check-in-inod.patch
(stable-fixes CVE-2024-46695 bsc#1230519).
- commit 2a7bb57
- NFSv4: Add missing rescheduling points in
nfs_client_return_marked_delegations (git-fixes).
- commit a563f31
- nfsd: Don't leave work of closing files to a work queue
(bsc#1228140).
- Refresh
patches.suse/nfsd-use-__fput_sync-to-avoid-delayed-closing-of-fil.patch.
- commit 83ce74a
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoC: codecs: avoid possible garbage value in peb2466_reg_read()
(git-fixes).
- commit 5a67afd
- kABI workaround for soc-qcom pmic_glink changes (CVE-2024-46693
bsc#1230521).
- commit 9a06e25
- usb: typec: ucsi: Move unregister out of atomic section
(CVE-2024-46691 bsc#1230526).
- soc: qcom: pmic_glink: Fix race during initialization
(CVE-2024-46693 bsc#1230521).
- commit 26dd9b4
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(git-fixes).
- drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl
(git-fixes).
- drm/nouveau/fb: restore init() for ramgp102 (git-fixes).
- dma-buf: heaps: Fix off-by-one in CMA heap fault handler
(git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets
(git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling
(stable-fixes).
- commit 8d8bf2f
- md/raid1: Fix data corruption for degraded array with slow disk
(bsc#1230455, CVE-2024-45023).
- commit 34cd7b5
- perf/x86/intel: Limit the period on Haswell (git-fixes).
- perf/x86: Fix smp_processor_id()-in-preemptible warnings
(git-fixes).
- perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra
Forest (git-fixes).
- ARM: 9406/1: Fix callchain_trace() return value (git-fixes).
- bpf, events: Use prog to emit ksymbol event for main program
(git-fixes).
- perf/x86/intel: Add a distinct name for Granite Rapids
(git-fixes).
- perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake
(git-fixes).
- perf/x86/intel/uncore: Fix the bits of the CHA extended umask
for SPR (git-fixes).
- perf: Fix event leak upon exit (git-fixes).
- perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
(git-fixes).
- perf: Fix default aux_watermark calculation (git-fixes).
- perf: Prevent passing zero nr_pages to rb_alloc_aux()
(git-fixes).
- perf: Fix perf_aux_size() for greater-than 32-bit size
(git-fixes).
- perf/x86/intel/pt: Fix pt_topa_entry_for_page() address
calculation (git-fixes).
- perf/x86/intel/pt: Fix a topa_entry base address calculation
(git-fixes).
- perf/x86/intel/pt: Fix topa_entry base length (git-fixes).
- perf/x86: Serialize set_attr_rdpmc() (git-fixes).
- perf/core: Fix missing wakeup when waiting for context reference
(git-fixes).
- perf/x86/intel: Factor out the initialization code for SPR
(git fixes).
- perf/x86/intel: Use the common uarch name for the shared
functions (git fixes).
- commit bb48e43
- blacklist.conf: Add perf git-fix that won't be backported
- commit fbbd522
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit ce739c4
- i2c: tegra: Do not mark ACPI devices as irq safe (CVE-2024-45029 bsc#1230451)
- commit 2870112
- netfilter: flowtable: initialise extack before use (CVE-2024-45018 bsc#1230431)
- commit 8b44b15
- net/mlx5e: Take state lock during tx timeout reporter (CVE-2024-45019 bsc#1230432)
- commit 2552371
- net/mlx5: Fix IPsec RoCE MPV trace call (CVE-2024-45017 bsc#1230430)
- commit 60aac02
- igb: cope with large MAX_SKB_FRAGS (CVE-2024-45030 bsc#1230457)
- commit d2d3c69
- Move s390 kabi patch into the kabi section
- commit 4ab5d36
- s390/uv: Don't call folio_wait_writeback() without a folio
reference (git-fixes bsc#1229380 CVE-2024-43832).
- s390/mm: Convert gmap_make_secure to use a folio (git-fixes
bsc#1230562).
- s390/mm: Convert make_page_secure to use a folio (git-fixes
bsc#1230563).
- s390: allow pte_offset_map_lock() to fail (git-fixes
bsc#1230564).
- commit 7069eb7
- mm/vmalloc: fix page mapping if vm_area_alloc_pages() with
high order fallback to order 0 (CVE-2024-45022 bsc#1230435).
- commit cc8880a
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 6aa8957889611fbe7f06353f917cfb3d9620a680 to fix a regression (bsc#1230413)
- commit 720e36b
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 16ad73a9f4c2888f3bc28513f5e9a88d753f8741 to fix a regression (bsc#1230413)
- commit 2fd5290
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit 35f619d3c421219e07bc89d2d6a37fbff25519fe to fix a refression
(bsc#1230413)
- commit 7e5afd7
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit 99a85a8
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2
(stable-fixes).
- lib/generic-radix-tree.c: Fix rare race in
__genradix_ptr_alloc() (stable-fixes).
- kselftests: dmabuf-heaps: Ensure the driver name is
null-terminated (stable-fixes).
- regmap: maple: work around gcc-14.1 false-positive warning
(stable-fixes).
- phy: zynqmp: Take the phy mutex in xlate (stable-fixes).
- pcmcia: Use resource_size function on resource object
(stable-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
(stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
(stable-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- usb: gadget: aspeed_udc: validate endpoint index for ast udc
(stable-fixes).
- usb: uas: set host status byte on data completion error
(stable-fixes).
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
(stable-fixes).
- media: vivid: don't set HDMI TX controls if there are no HDMI
outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane
(stable-fixes).
- leds: spi-byte: Call of_node_put() on error path (stable-fixes).
- wifi: rtw88: usb: schedule rx work after everything is set up
(stable-fixes).
- wifi: rtw89: wow: prevent to send unexpected H2C during download
Firmware (stable-fixes).
- wifi: mwifiex: Do not return unused priv in
mwifiex_get_priv_by_id() (stable-fixes).
- wifi: ath12k: fix firmware crash due to invalid peer nss
(stable-fixes).
- wifi: ath12k: fix uninitialize symbol error on
ath12k_peer_assoc_h_he() (stable-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
(stable-fixes).
- wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
(stable-fixes).
- commit 3b57fa8
- Squashfs: sanity check symbolic link size (git-fixes).
- commit fa6af4a
- hwmon: (pmbus) Conditionally clear individual status bits for
pmbus rev >= 1.2 (git-fixes).
- Input: uinput - reject requests with unreasonable number of
slots (stable-fixes).
- HID: amd_sfh: free driver_data after destroying hid device
(stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
(stable-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA
setup (stable-fixes).
- Input: ili210x - use kvmalloc() to allocate buffer for firmware
update (stable-fixes).
- drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails
(stable-fixes).
- drm/amdgpu/display: handle gfx12 in
amdgpu_dm_plane_format_mod_supported (stable-fixes).
- drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
(stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in
check_tiling_flags_gfx6 (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used
(stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
(stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amdgpu: add missing error handling in function
amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (nct6775-core) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit
attributes (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit
attributes (stable-fixes).
- commit 2fa929e
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 6aa8957889611fbe7f06353f917cfb3d9620a680.
- commit 5376e5a
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 16ad73a9f4c2888f3bc28513f5e9a88d753f8741.
- commit 505329c
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit 35f619d3c421219e07bc89d2d6a37fbff25519fe.
- commit 937414d
- ata: libata: Fix memory leak for error path in ata_host_alloc()
(git-fixes).
- devres: Initialize an uninitialized struct member
(stable-fixes).
- ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX
for potentially broken alignment (stable-fixes).
- ASoC: topology: Properly initialize soc_enum values
(stable-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map
controls (stable-fixes).
- ALSA: control: Apply sanity check of input values for user
elements (stable-fixes).
- crypto: qat - fix unintentional re-enabling of error interrupts
(stable-fixes).
- drm/amd/display: Run DC_LOG_DC after checking link->link_enc
(stable-fixes).
- drm/amd/display: Check UnboundedRequestEnabled's value
(stable-fixes).
- drm/amd: Add gfx12 swizzle mode defs (stable-fixes).
- Bluetooth: btnxpuart: Fix Null pointer dereference in
btnxpuart_flush() (stable-fixes).
- can: mcp251xfd: rx: add workaround for erratum DS80000789E 6
of mcp2518fd (stable-fixes).
- can: mcp251xfd: rx: prepare to workaround broken RX FIFO head
index erratum (stable-fixes).
- can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out
in separate function (stable-fixes).
- can: mcp251xfd: clarify the meaning of timestamp (stable-fixes).
- can: kvaser_pciefd: Skip redundant NULL pointer check in ISR
(stable-fixes).
- ACPI: processor: Fix memory leaks in error paths of
processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info()
fails in processor_add() (stable-fixes).
- cpufreq: amd-pstate: fix the highest frequency issue which
limits performance (git-fixes).
- cpufreq: amd-pstate: Enable amd-pstate preferred core support
(stable-fixes).
- ACPI: CPPC: Add helper to get the highest performance value
(stable-fixes).
- Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync
queue (stable-fixes).
- Bluetooth: hci_event: Use HCI error defines instead of magic
values (stable-fixes).
- commit 96be389
- virtio_net: Fix napi_skb_cache_put warning (git-fixes).
- commit 860ef0a
- virtio_net: fixing XDP for fully checksummed packets handling
(git-fixes).
- commit 77fb9e7
- s390/dasd: Fix redundant /proc/dasd* entries removal
(bsc#1227694).
- commit b66530a
- Move upstreamed input patch into sorted section
- commit e197a51
- blacklist.conf: add db5247d9bf5c ("vhost_task: Handle SIGKILL by flushing work and exiting")
- commit 7acfcbb
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM
support is missing (git-fixes).
- commit 42f7b0c
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
(git-fixes).
- commit 610cfdd
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(git-fixes).
- commit bae7627
- kABI: Workaround kABI change in
patches.suse/iommu-dma-Trace-bounce-buffer-usage-when-mapping-buf.patch
(git-fixes).
- Refresh
patches.suse/iommu-dma-Trace-bounce-buffer-usage-when-mapping-buf.patch.
- commit d37ca1f
- blacklist.conf: add 778c350eb580 ("Revert KVM: async_pf: avoid recursive flushing of work items")
- commit 3ff1683
- KVM: arm64: Do not re-initialize the KVM lock (git-fixes).
- commit b05c6c8
- s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426
git-fixes).
- commit 5b1f3c2
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in
vgic_v2_parse_attr() (git-fixes).
- commit 4ccaaf2
- KVM: arm64: Don't pass a TLBI level hint when zapping table
entries (git-fixes).
- commit e3cb3e5
- blacklist.conf: add f62d4c3eb687 ("KVM: arm64: Don't defer TLB invalidation when zapping table entries")
- commit 80a75dc
- blacklist.conf: add c60d847be7b8 ("KVM: arm64: Fix double-free following kvm_pgtable_stage2_free_unlinked()")
- commit 518faac
- KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID
(git-fixes).
- commit 9d7939a
- KVM: arm64: Block unsafe FF-A calls from the host (git-fixes).
- commit 6327e50
- minmax: reduce min/max macro expansion in atomisp driver
(git-fixes).
- commit 6d37707
- net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (CVE-2024-44971 bsc#1230211)
- commit f262d95
- tcp: prevent concurrent execution of tcp_sk_exit_batch (CVE-2024-44991 bsc#1230195)
- commit 179b01d
- bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989 bsc#1230193)
- commit 5caf0d2
- perf arch events: Fix duplicate RISC-V SBI firmware event name
(git-fixes).
- commit 4570763
- perf tool: fix dereferencing NULL al->maps (git-fixes).
- commit 5e4751b
- perf intel-pt: Fix exclude_guest setting (git-fixes).
- commit e69b63b
- perf intel-pt: Fix aux_watermark calculation for 64-bit size
(git-fixes).
- commit e3b3bca
- perf report: Fix condition in sort__sym_cmp() (git-fixes).
- commit c3e65ee
- perf pmus: Fixes always false when compare duplicates aliases
(git-fixes).
- commit 8eeac69
- tools/perf: Fix the string match for "/tmp/perf-$PID.map"
files in dso__load (git-fixes).
- commit 9a7d0fb
- bonding: fix null pointer deref in bond_ipsec_offload_ok
(CVE-2024-44990 bsc#1230194).
- media: aspeed: Fix memory overwrite if timing is 1600x900
(CVE-2023-52916 bsc#1230269).
- commit 7cce3c7
- perf test: Make test_arm_callgraph_fp.sh more robust
(git-fixes).
- commit 8d430e5
- perf stat: Fix the hard-coded metrics calculation on the hybrid
(git-fixes).
- commit 0fe6062
- perf pmu: Assume sysfs events are always the same case
(git-fixes).
- Refresh
patches.suse/perf-pmu-Count-sys-and-cpuid-JSON-events-separately.patch.
- commit 0eb9b05
- rtla/osnoise: Prevent NULL dereference in error handling
(CVE-2024-45002 bsc#1230169).
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
(CVE-2024-44970 bsc#1230209).
- commit 33e2b5d
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- commit b3b20de
- thunderbolt: Fix calculation of consumed USB3 bandwidth on a
path (git-fixes).
- commit c3642e6
- Move fixes into sorted section (bsc#1230119)
- commit c8d5e3a
- Refresh patches.suse/ipmi-ssif-Improve-detecting-during-probing.patch
Add commit id and move away from out-of-tree section
- commit ceb6869
- Move upstreamed kaslr patch into sorted section
- commit 554594b
- net: dsa: mv88e6xxx: Fix out-of-bound access (CVE-2024-44988 bsc#1230192)
- commit 5ca3065
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit 075c292
- perf tools: Add/use PMU reverse lookup from config to name
(git-fixes).
- commit 62632fc
- perf tools: Use pmus to describe type from attribute
(git-fixes).
- commit 3dc616b
- perf: script: add raw|disasm arguments to --insn-trace option
(git-fixes).
- Refresh
patches.suse/perf-script-Show-also-errors-for-insn-trace-option.patch.
- commit f716aa4
- perf annotate: Use global annotation_options (git-fixes).
- Refresh
patches.suse/perf-annotate-Fix-annotation_calc_lines-to-pass-correct-address-to-get_srcline.patch.
- commit b70a6bc
- perf top: Convert to the global annotation_options (git-fixes).
- commit c12ae1d
- perf report: Convert to the global annotation_options
(git-fixes).
- commit e5bcc3a
- perf annotate: Introduce global annotation_options (git-fixes).
- commit b458961
- perf maps: Move symbol maps functions to maps.c (git-fixes).
- Refresh
patches.suse/perf-symbols-Fix-ownership-of-string-in-dso__load_vmlinux.patch.
- commit 93caf35
- perf annotate: Split branch stack cycles information out of
'struct annotation_line' (git-fixes).
- commit 733d4c0
- perf machine thread: Remove exited threads by default
(git-fixes).
- commit 3c4b077
- Update references for patches.suse/ipv6-fix-possible-UAF-in-ip6_finish_output2.patch (CVE-2024-44986 bsc#1230230 bsc#1230206)
- commit 814e7ee
- bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (CVE-2024-44984 bsc#1230240)
- commit 43e2e07
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit 057aaf8
- perf record: Lazy load kernel symbols (git-fixes).
- commit 84efd43
- Detect memory allocation failure in
annotated_source__alloc_histograms (bsc#1227962).
- commit 6424d7a
- Add alternate commit id for git-fixes.
Refresh
patches.suse/perf-evlist-Fix-evlist__new_default-for-1-core-PMU.patch.
- commit 3b7c481
- thunderbolt: There are only 5 basic router registers in pre-USB4
routers (git-fixes).
- commit 065ac58
- thunderbolt: Fix rollback in tb_port_lane_bonding_enable()
for lane 1 (git-fixes).
- commit 108e81e
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- commit db0a09e
- thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show
(git-fixes).
- commit b11c099
- Drop soundwire patch that caused a regression (bsc#1230350)
Deleted:
patches.suse/soundwire-stream-fix-programming-slave-ports-for-non.patch
- commit 5c05eeb
- btrfs: fix race between direct IO write and fsync when using
same fd (git-fixes).
- commit dc59ebc
- mm/swap: fix race when skipping swapcache (CVE-2024-26759
bsc#1230340).
- commit 990c0c6
- kABI workaround for cros_ec stuff (git-fixes).
- commit cb01b4e
- platform/chrome: cros_ec_lpc: MEC access can use an AML mutex
(stable-fixes).
- commit d9de020
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- commit 27572d4
- x86/pat: Fix W^X violation false-positives when running as
Xen PV guest (bsc#1221527).
- commit 9acf0ca
- x86/pat: Restructure _lookup_address_cpa() (bsc#1221527).
- commit 56f7c9c
- powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295
ltc#206656).
- commit c4a2ba1
- Refresh
patches.kabi/kabi-dm_blk_ioctl-implement-path-failover-for-SG_IO.patch.
- Refresh
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch.
- commit 73c5a36
- x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops()
(bsc#1221527).
- commit 84d383c
- x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527).
- commit 09ca5ca
- drm/amd/display: Replace dm_execute_dmub_cmd with
dc_wake_and_execute_dmub_cmd (git-fixes).
- commit 6d87705
- wifi: cfg80211: make hash table duplicates more survivable
(stable-fixes).
- Refresh patches.kabi/wireless-kabi-workaround.patch.
- commit 62f6e12
- VMCI: Fix use-after-free when removing resource in
vmci_resource_remove() (git-fixes).
- misc: fastrpc: Fix double free of 'buf' in error path
(git-fixes).
- iio: fix scale application in
iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error
(git-fixes).
- iio: adc: ad7606: remove frstdata check for serial mode
(git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter
value (git-fixes).
- usb: dwc3: Avoid waking up gadget during startxfer (git-fixes).
- net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes).
- drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo
(stable-fixes).
- drm/fb-helper: Don't schedule_work() to flush frame buffer
during panic() (stable-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe
(stable-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace
(stable-fixes).
- usbip: Don't submit special requests twice (stable-fixes).
- media: uvcvideo: Enforce alignment of frame and interval
(stable-fixes).
- wifi: ath12k: initialize 'ret' in
ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes).
- wifi: ath11k: initialize 'ret' in
ath11k_qmi_load_file_target_mem() (stable-fixes).
- wifi: ath12k: initialize 'ret' in
ath12k_qmi_load_file_target_mem() (stable-fixes).
- wifi: rtw89: ser: avoid multiple deinit on same CAM
(stable-fixes).
- wifi: mac80211: check ieee80211_bss_info_change_notify()
against MLD (stable-fixes).
- wifi: cfg80211: restrict operation during radar detection
(stable-fixes).
- pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode
(stable-fixes).
- hwmon: (k10temp) Check return value of amd_smn_read()
(stable-fixes).
- regmap: spi: Fix potential off-by-one when calculating reserved
size (stable-fixes).
- commit 73bbd93
- clocksource/drivers/imx-tpm: Fix next event not taking effect
sometime (git-fixes).
- clocksource/drivers/imx-tpm: Fix return -ETIME when delta
exceeds INT_MAX (git-fixes).
- dma-debug: avoid deadlock between dma debug vs printk and
netconsole (stable-fixes).
- drm/amdgpu: fix contiguous handling for IB parsing v2
(git-fixes).
- dmaengine: altera-msgdma: properly free descriptor in
msgdma_free_descriptor (stable-fixes).
- dmaengine: altera-msgdma: use irq variant of spin_lock/unlock
while invoking callbacks (stable-fixes).
- driver: iio: add missing checks on iio_info's callback access
(stable-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
(stable-fixes).
- drm/amd/display: Check BIOS images before it is used
(stable-fixes).
- drm/amd/display: Avoid overflow from uint32_t to uint8_t
(stable-fixes).
- drm/amd/display: use preferred link settings for dp signal only
(stable-fixes).
- drm/amd/display: Remove register from DCN35 DMCUB diagnostic
collection (stable-fixes).
- drm/amd/display: Correct the defined value for
AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream
(stable-fixes).
- drm/amd/display: Wake DMCUB before sending a command for replay
feature (stable-fixes).
- drm/amd/display: Don't use fsleep for PSR exit waits on dmub
replay (stable-fixes).
- drm/amdgpu: fix overflowed constant warning in
mmhub_set_clockgating() (stable-fixes).
- drm/amdgpu: add lock in kfd_process_dequeue_from_device
(stable-fixes).
- drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb
(stable-fixes).
- drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes).
- drm/bridge: tc358767: Check if fully initialized before
signalling HPD event via IRQ (stable-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/drm-bridge: Drop conditionals around of_node pointers
(stable-fixes).
- drm/amd/display: Add null checks for 'stream' and 'plane'
before dereferencing (stable-fixes).
- drm/amdgu: fix Unintentional integer overflow for mall size
(stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions
(stable-fixes).
- drm/amd/display: Fix pipe addition logic in
calc_blocks_to_ungate DCN35 (stable-fixes).
- drm/kfd: Correct pinned buffer handling at kfd restore and
validate process (stable-fixes).
- drm/amd/pm: check negtive return for table entries
(stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4
(stable-fixes).
- drm/amd/pm: check specific index for smu13 (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu: Fix the warning division or modulo by zero
(stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode
setting on legacy SOCs (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in
struct kfd_topology_device (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning
(stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in
amdgpu_info_ioctl (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
(stable-fixes).
- drm/amdkfd: Check debug trap enable before write dbg_ev_file
(stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu: Fix the uninitialized variable warning
(stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
(stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
(stable-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/display: Fix index may exceed array range within
fpu_update_bw_bounding_box (stable-fixes).
- drm/amd/display: Skip inactive planes within
ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow
(stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
decide_fallback_link_setting_max_bw_policy (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
dal_gpio_service_create (stable-fixes).
- drm/amd/display: Fix Coverity INTERGER_OVERFLOW within
construct_integrated_info (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation
(stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing
reader_wm_sets[] (stable-fixes).
- drm/amd/display: Add array index check for hdcp ddc access
(stable-fixes).
- drm/amd/display: Check index for aux_rd_interval before using
(stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums
greater than 6 (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index
(stable-fixes).
- drm/amd/display: Ensure array index tg_inst won't be -1
(stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
(stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning
(stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of
max_vid_step (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
(stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
(stable-fixes).
- drm/amdgpu: fix overflowed array index read warning
(stable-fixes).
- drm/amdgpu: Handle sg size limit for contiguous allocation
(stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM
(stable-fixes).
- drm/amd/display: Handle the case which quad_part is equal 0
(stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in
amdgpu_afmt_acr (stable-fixes).
- cpufreq: scmi: Avoid overflow of target_freq in fast switch
(stable-fixes).
- commit e23c4dc
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- commit 8c8b9e5
- clk: qcom: gcc-sc8280xp: don't use parking clk_ops for QUPs
(git-fixes).
- clk: qcom: gcc-sm8550: Don't park the USB RCG at registration
time (git-fixes).
- clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
(git-fixes).
- clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
(git-fixes).
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL
is disabled (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate
API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- commit 060a67a
- ALSA: hda/realtek - Fix inactive headset mic jack for ASUS
Vivobook 15 X1504VAP (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
(stable-fixes).
- ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx
(stable-fixes).
- ALSA: hda/realtek: extend quirks for Clevo V5[46]0
(stable-fixes).
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145
(stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers
on Sirius devices (stable-fixes).
- commit 5538dd8
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
(git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload
(git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
(git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- mmc: core: apply SD quirks earlier during probe (git-fixes).
- gpio: modepin: Enable module autoloading (git-fixes).
- gpio: rockchip: fix OF node leak in probe() (git-fixes).
- Revert "drm/amdgpu: align pp_power_profile_mode with kernel
docs" (stable-fixes).
- nouveau: fix the fwsec sb verification register (git-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused
(git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with
__maybe_unused (git-fixes).
- drm/i915: Do not attempt to load the GSC multiple times
(git-fixes).
- commit 7a89765
- blacklist.conf: CVE-2024-43886 bsc#1229748: not applicable, functionality not present
The fix adds a NULL check but it is already there in this codebase. The
upstream fix is for patch 5db346c256bbac ("drm/amd/display: update pipe
topology log to support subvp") that adds a secondary display and
refactors code so the NULL check gets lost in
resource_log_pipe_topology_update().
- commit b9c5bf2
- ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206)
- commit 64f6ea9
- ipv6: prevent possible UAF in ip6_xmit() (CVE-2024-44985 bsc#1230206)
- commit 209198a
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 630b67a
- Restore dropped fields for bluetooth MGMT/SMP structs
(git-fixes).
- commit 5313ecb
- usbnet: modern method to get random MAC (git-fixes).
- net: phy: Fix missing of_node_put() for leds (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type
(git-fixes).
- Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP
over BREDR/LE" (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during
mcp251x_open (git-fixes).
- can: mcp251xfd: fix ring configuration when switching from
CAN-CC to CAN-FD mode (git-fixes).
- can: m_can: Release irq on error in m_can_open (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered
(git-fixes).
- spi: rockchip: Resolve unbalanced runtime PM / system PM
handling (git-fixes).
- regulator: core: Stub devm_regulator_bulk_get_const() if
!CONFIG_REGULATOR (git-fixes).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init()
(git-fixes).
- commit b6769e6
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- serial: sc16is7xx: fix TX fifo corruption (CVE-2024-44951
bsc#1230181).
- serial: sc16is7xx: refactor FIFO access functions to increase
commonality (CVE-2024-44951 bsc#1230181).
- commit 4ab54b2
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- commit ed692a4
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- commit fd57936
- tcp: add sanity checks to rx zerocopy (CVE-2024-26640
bsc#1221650).
- commit 21286c2
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- commit 047a639
- nilfs2: fix state management in error path of log writing
function (git-fixes).
- commit 9b55988
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
(git-fixes).
- commit a322b71
- usb: dwc3: core: Prevent USB core invalid event buffer address
access (git-fixes).
- commit de7b6b3
- nilfs2: fix missing cleanup on rollforward recovery error
(git-fixes).
- commit b4149d3
- nilfs2: protect references to superblock parameters exposed
in sysfs (git-fixes).
- commit e7215f6
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- commit a52467b
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- commit 26752eb
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- commit 24bd468
- blacklist.conf: ("KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range()") (bsc#1229585)
- commit 29fbf2b
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- commit b8ec0d4
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- commit e08c708
- USB: serial: option: add MeiG Smart SRM825L (stable-fixes).
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
(stable-fixes).
- usb: dwc3: core: Prevent USB core invalid event buffer address
access (stable-fixes).
- selinux,smack: don't bypass permissions check in inode_setsecctx
hook (stable-fixes).
- drm/amdgpu/swsmu: always force a state reprogram on init
(stable-fixes).
- drm/amdgpu: align pp_power_profile_mode with kernel docs
(stable-fixes).
- commit 1d64229
- Resort io_uring kABI patches
These ended up in the wrong section. Push them to the right place, next
to the other io_uring kabi patches.
- commit f218522
- kABI: Split kABI out of 'io_uring: Re-add dummy_ubuf for kABI purposes'
When introducing this patch, I merged the kABI patch with the actual
backport, which is not recommended. Split it up, such that the backport
is similar to the upstream patch and handle the kABI issue exactly the
same way, but through a separate kABI patch.
- commit 5b3aa8f
- kABI: Split kABI out of 'io_uring/kbuf: get rid of bl->is_ready'
When introducing this patch, I merged the kABI patch with the actual
backport, which is not recommended. Split it up, such that the backport
is similar to the upstream patch and handle the kABI issue exactly the
same way, but through a separate kABI patch.
- commit d39d376
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit d9361cb
- udf: Fix bogus checksum computation in udf_rename() (bsc#1229389
CVE-2024-43845).
- commit 985c73e
- ext4: fix infinite loop when replaying fast_commit (bsc#1229394
CVE-2024-43828).
- commit c9c168b
- block: fix deadlock between sd_remove & sd_release (bsc#1229371
CVE-2024-42294).
- commit a556834
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit 26b3a5d
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit d42c7e5
- mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray
(bsc#1229001 CVE-2024-42243).
- commit 962c57e
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 1088a58
- ext4: make sure the first directory block is not a hole
(bsc#1229364 CVE-2024-42304).
- commit 0ee54f7
- netfilter: ctnetlink: use helper function to calculate expect ID
(CVE-2024-44944 bsc#1229899).
- commit da9b5c6
- sctp: Fix null-ptr-deref in reuseport_add_sock()
(CVE-2024-44935 bsc#1229810).
- commit c34ddb2
- perf/x86/uncore: Cleanup unused unit structure (bsc#1230119).
- commit 48a66a6
- perf/x86/uncore: Apply the unit control RB tree to PCI uncore
units (bsc#1230119).
- commit e202e9f
- perf/x86/uncore: Apply the unit control RB tree to MSR uncore
units (bsc#1230119).
- commit 8a1e34d
- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore
units (bsc#1230119).
- commit 956825c
- perf/x86/uncore: Retrieve the unit ID from the unit control
RB tree (bsc#1230119).
- commit 81ab2f7
- perf/x86/uncore: Support per PMU cpumask (bsc#1230119).
- commit e0b1be5
- perf/x86/uncore: Save the unit control address of all units
(bsc#1230119).
- commit 3062251
- perf/x86/intel/uncore: Support HBM and CXL PMON counters
(bsc#1230119).
- commit a4c2665
- fuse: update stats for pages in dropped aux writeback list
(bsc#1230125).
- fuse: fix memory leak in fuse_create_open (bsc#1230124).
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230123).
- commit c8902bc
- Split kabi part of dm_blk_ioctl-implement-path-failover-for-SG_IO.patch
- kabi: dm_blk_ioctl: implement path failover for SG_IO
(bsc#1183045, bsc#1216776).
- Refresh
patches.suse/dm_blk_ioctl-implement-path-failover-for-SG_IO.patch.
- commit 9a2ecb0
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
(git-fixes).
- commit 3ab58b8
- blacklist.conf: These aren't wanted for various reasons.
- commit 39478da
- kABI: Split kABI out of io_uring/kbuf: protect io_buffer_list teardown with a
reference
When introducing this patch, I merged the kABI patch with the actual
backport, which is not recommended. Split it up, such that the backport
is similar to the upstream patch and handle the kABI issue exactly the
same way, but through a separate kABI patch.
- commit 08e57d6
- blacklist.conf: Add cf3f9a593dab mm: optimize the redundant loop of mm_update_owner_next()
- commit 3184f0b
- blacklist.conf: d24f05987ce8 cgroup: Avoid extra dereference in css_populate_dir()
- commit 922f944
- usb: typec: ucsi: Wait 20ms before reading CCI after a reset
(git-fixes).
- commit 26d16be
- ceph: periodically flush the cap releases (bsc#1230056).
- commit e22b6e0
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 1bec58d
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 13aba13
- net/sched: act_ct: fix skb leak and crash on ooo frags
(CVE-2023-52610 bsc#1221610).
- commit 7a32533
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 6553526
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit 35f619d
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 16ad73a
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 6aa8957
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit 4dc1da1
- xfs: Fix missing interval for missing_owner in xfs fsmap
(git-fixes).
- commit 5448ab5
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
(git-fixes).
- commit 288ad9b
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit 49b5eec
- usb: cdnsp: fix for Link TRB with TC (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path
(git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe
error path (git-fixes).
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
remove_power_attributes() (git-fixes).
- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path
(git-fixes).
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
(git-fixes).
- soc: qcom: pmic_glink: Actually communicate when remote goes
down (git-fixes).
- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).
- commit 7121142
- dmaengine: dw: Add memory bus width verification (git-fixes).
- dmaengine: dw: Add peripheral bus width verification
(git-fixes).
- soundwire: stream: fix programming slave ports for non-continous
port maps (git-fixes).
- commit b7e9784
- Update
patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
(git-fixes CVE-2024-35902 bsc#1224496).
- Update
patches.suse/ASoC-TAS2781-Fix-tasdev_load_calibrated_data.patch
(git-fixes CVE-2024-42278 bsc#1229403).
- Update
patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
(git-fixes CVE-2024-43818 bsc#1229296).
- Update
patches.suse/ASoC-fsl-fsl_qmc_audio-Check-devm_kasprintf-returned.patch
(git-fixes CVE-2024-42298 bsc#1229369).
- Update
patches.suse/Bluetooth-MGMT-Add-error-handling-to-pair_device.patch
(git-fixes CVE-2024-43884 bsc#1229739).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-bei.patch
(git-fixes CVE-2024-26976 bsc#1223635).
- Update
patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
(git-fixes CVE-2024-42302 bsc#1229366).
- Update
patches.suse/PCI-endpoint-Clean-up-error-handling-in-vpci_scan_bu.patch
(git-fixes CVE-2024-43875 bsc#1229486).
- Update
patches.suse/PCI-endpoint-pci-epf-test-Make-use-of-cached-epc_fea.patch
(git-fixes CVE-2024-43824 bsc#1229320).
- Update
patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
(git-fixes CVE-2024-43823 bsc#1229303).
- Update
patches.suse/PCI-rcar-Demote-WARN-to-dev_warn_ratelimited-in-rcar.patch
(git-fixes CVE-2024-43876 bsc#1229485).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
(git-fixes CVE-2024-43872 bsc#1229489).
- Update
patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
(git-fixes CVE-2024-42285 bsc#1229381).
- Update
patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
(bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update
patches.suse/SUNRPC-add-a-missing-rpc_stat-for-TCP-TLS.patch
(git-fixes CVE-2024-36907 bsc#1225751).
- Update
patches.suse/bpf-arm64-Fix-trampoline-for-BPF_TRAMP_F_CALL_ORIG.patch
(git-fixes CVE-2024-43840 bsc#1229344).
- Update
patches.suse/btrfs-fix-double-inode-unlock-for-direct-IO-sync-wri.patch
(git-fixes CVE-2024-43885 bsc#1229747).
- Update
patches.suse/btrfs-fix-extent-map-use-after-free-when-adding-page.patch
(git-fixes CVE-2024-42314 bsc#1229355).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_snp.patch
(git-fixes CVE-2024-43874 bsc#1229487).
- Update
patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
(git-fixes CVE-2024-43871 bsc#1229490).
- Update
patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
(git-fixes CVE-2024-43856 bsc#1229346).
- Update
patches.suse/drm-admgpu-fix-dereferencing-null-pointer-context.patch
(stable-fixes CVE-2024-43906 bsc#1229785).
- Update
patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
(stable-fixes CVE-2024-43903 bsc#1229781).
- Update
patches.suse/drm-amd-display-Add-null-checker-before-passing-vari.patch
(stable-fixes CVE-2024-43902 bsc#1229767).
- Update
patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
(stable-fixes CVE-2024-43895 bsc#1229755).
- Update
patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
(stable-fixes CVE-2024-43905 bsc#1229784).
- Update
patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
(stable-fixes CVE-2024-43908 bsc#1229788).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
(stable-fixes CVE-2024-43909 bsc#1229789).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
(stable-fixes CVE-2024-43907 bsc#1229787).
- Update
patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
(git-fixes CVE-2024-43894 bsc#1229746).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
(git-fixes CVE-2024-42310 bsc#1229358).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
(git-fixes CVE-2024-42309 bsc#1229359).
- Update
patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
(git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
(git-fixes CVE-2024-43829 bsc#1229341).
- Update
patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
(git-fixes CVE-2024-43863 bsc#1229497).
- Update
patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
(git-fixes CVE-2024-42315 bsc#1229354).
- Update
patches.suse/gpio-prevent-potential-speculation-leaks-in-gpio_dev.patch
(stable-fixes CVE-2024-44931 bsc#1229837).
- Update
patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
(git-fixes CVE-2024-42311 bsc#1229413).
- Update
patches.suse/iio-Fix-the-sorting-functionality-in-iio_gts_build_a.patch
(git-fixes CVE-2024-43825 bsc#1229298).
- Update
patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
(git-fixes CVE-2024-43858 bsc#1229414).
- Update
patches.suse/jfs-Fix-shift-out-of-bounds-in-dbDiscardAG.patch
(git-fixes CVE-2024-44938 bsc#1229792).
- Update
patches.suse/jfs-fix-null-ptr-deref-in-dtInsertEntry.patch
(git-fixes CVE-2024-44939 bsc#1229820).
- Update
patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
(git-fixes CVE-2024-42292 bsc#1229373).
- Update
patches.suse/kvm-s390-Reject-memory-region-operations-for-ucontrol-VMs.patch
(git-fixes bsc#1229168 CVE-2024-43819 bsc#1229290).
- Update
patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
(git-fixes CVE-2024-43830 bsc#1229305).
- Update
patches.suse/lib-objagg-Fix-general-protection-fault.patch
(git-fixes CVE-2024-43846 bsc#1229360).
- Update
patches.suse/libbpf-Use-OPTS_SET-macro-in-bpf_xdp_query.patch
(git-fixes CVE-2024-27050 bsc#1223767).
- Update
patches.suse/mISDN-Fix-a-use-after-free-in-hfcmulti_tx.patch
(git-fixes CVE-2024-42280 bsc#1229388).
- Update
patches.suse/mailbox-mtk-cmdq-Move-devm_mbox_controller_register-.patch
(git-fixes CVE-2024-42319 bsc#1229350).
- Update
patches.suse/md-raid5-fix-deadlock-that-raid5d-wait-for-itself-to-clear-MD_SB_CHANGE_PENDING-151f.patch
(git-fixes CVE-2024-39476 bsc#1227437).
- Update
patches.suse/media-imx-pxp-Fix-ERR_PTR-dereference-in-pxp_probe.patch
(git-fixes CVE-2024-42303 bsc#1229365).
- Update
patches.suse/media-pci-ivtv-Add-check-for-DMA-map-result.patch
(git-fixes CVE-2024-43877 bsc#1229484).
- Update
patches.suse/media-v4l-async-Fix-NULL-pointer-dereference-in-addi.patch
(git-fixes CVE-2024-43833 bsc#1229299).
- Update
patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
(git-fixes CVE-2024-42313 bsc#1229356).
- Update
patches.suse/media-xc2028-avoid-use-after-free-in-load_firmware_c.patch
(stable-fixes CVE-2024-43900 bsc#1229756).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/net-drop-bad-gso-csum_start-and-offset-in-virtio_net.patch
(git-fixes CVE-2024-43897 bsc#1229752).
- Update
patches.suse/net-iucv-fix-use-after-free-in-iucv_sock_close.patch
(bsc#1228973 CVE-2024-42271 bsc#1229400).
- Update patches.suse/net-missing-check-virtio.patch (git-fixes
CVE-2024-43817 bsc#1229312).
- Update
patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
(git-fixes CVE-2024-43861 bsc#1229500).
- Update
patches.suse/nfs-pass-explicit-offset-count-to-trace-events.patch
(git-fixes CVE-2024-43826 bsc#1229294).
- Update
patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
(git-fixes CVE-2024-42276 bsc#1229410).
- Update
patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
(git-fixes CVE-2024-43889 bsc#1229743).
- Update
patches.suse/remoteproc-imx_rproc-Skip-over-memory-region-when-no.patch
(git-fixes CVE-2024-43860 bsc#1229319).
- Update
patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
(git-fixes bsc#1229173 CVE-2024-42320 bsc#1229349).
- Update
patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
(bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
patches.suse/serial-core-check-uartclk-for-zero-to-avoid-divide-b.patch
(stable-fixes CVE-2024-43893 bsc#1229759).
- Update
patches.suse/soc-qcom-pdr-protect-locator_addr-with-the-main-mute.patch
(git-fixes CVE-2024-43849 bsc#1229307).
- Update
patches.suse/soc-xilinx-rename-cpu_number1-to-dummy_cpu_number.patch
(git-fixes CVE-2024-43851 bsc#1229313).
- Update
patches.suse/spi-microchip-core-ensure-TX-and-RX-FIFOs-are-empty-.patch
(git-fixes CVE-2024-42279 bsc#1229390).
- Update
patches.suse/usb-vhci-hcd-Do-not-drop-references-before-new-refer.patch
(stable-fixes CVE-2024-43883 bsc#1229707).
- Update
patches.suse/vhost-vsock-always-initialize-seqpacket_allow.patch
(git-fixes CVE-2024-43873 bsc#1229488).
- Update
patches.suse/wifi-ath12k-change-DMA-direction-while-mapping-reinj.patch
(git-fixes CVE-2024-43881 bsc#1229480).
- Update
patches.suse/wifi-ath12k-fix-invalid-memory-access-while-processi.patch
(git-fixes CVE-2024-43847 bsc#1229291).
- Update
patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
(git-fixes CVE-2024-43879 bsc#1229482).
- Update
patches.suse/wifi-nl80211-disallow-setting-special-AP-channel-wid.patch
(stable-fixes CVE-2024-43912 bsc#1229830).
- Update
patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
(git-fixes CVE-2024-43842 bsc#1229317).
- Update
patches.suse/wifi-virt_wifi-avoid-reporting-connection-success-wi.patch
(git-fixes CVE-2024-43841 bsc#1229304).
- commit 140ec33
- iommu/amd: Convert comma to semicolon (git-fixes).
- commit 2714d8b
- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
CVE-2024-43821).
- commit eb73e94
- iommu/vt-d: Fix identity map bounds in si_domain_init()
(git-fixes).
- commit b4d27e5
- iommufd/device: Fix hwpt at err_unresv in
iommufd_device_do_replace() (git-fixes).
- commit bbc9a65
- blacklist.conf: add 053fc4f755ad fuse: fix UAF in rcu pathwalks
This commit breaks kABI and the data structure has no free room for the
extra field, i.e. memcpy would fail to copy the additional member added by
this patch.
- commit 941b81c
- virtiofs: forbid newlines in tags (bsc#1229940).
- commit 61514ce
- trace/pid_list: Change gfp flags in pid_list_fill_irq()
(git-fixes).
- commit 88d1dac
- blacklist.conf: add a not-relevant tracing commit
- commit 9e3013e
- evm: don't copy up 'security.evm' xattr (git-fixes).
- commit d3bb5af
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race
(git-fixes).
- commit 150e615
- jfs: define xtree root and page independently (git-fixes).
- commit fc62e49
- kernfs: fix false-positive WARN(nr_mmapped) in
kernfs_drain_open_files (git-fixes).
- commit 7fa46d1
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- commit 9b6ef3b
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: wfx: repair open network AP mode (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
(git-fixes).
- Input: i8042 - use new forcenorestore quirk to replace old
buggy quirk combination (stable-fixes).
- Input: i8042 - add forcenorestore quirk to leave controller
untouched even on s3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is
destroyed in probe (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed
(stable-fixes).
- Input: MT - limit max slots (stable-fixes).
- usb: dwc3: core: Skip setting event buffers for host only
controllers (stable-fixes).
- platform/x86: lg-laptop: fix %s null argument warning
(stable-fixes).
- rtc: nct3018y: fix possible NULL dereference (stable-fixes).
- usb: gadget: fsl: Increase size of name buffer for endpoints
(stable-fixes).
- media: drivers/media/dvb-core: copy user arrays safely
(stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return
(stable-fixes).
- memory: stm32-fmc2-ebi: check regmap_read return value
(stable-fixes).
- memory: tegra: Skip SID programming if SID registers aren't set
(stable-fixes).
- Revert "usb: gadget: uvc: cleanup request when not in correct
state" (stable-fixes).
- usb: gadget: uvc: cleanup request when not in correct state
(stable-fixes).
- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).
- staging: iio: resolver: ad2s1210: fix use before initialization
(stable-fixes).
- ssb: Fix division by zero issue in ssb_calc_clock_rate
(stable-fixes).
- commit b84d799
- drm/vmwgfx: Fix prime with external buffers (git-fixes).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict
(git-fixes).
- drm/amd/display: avoid using null object of framebuffer
(git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
(git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/msm/dpu: take plane rotation into account for wide planes
(git-fixes).
- drm/msm/dpu: move dpu_encoder's connector assignment to
atomic_enable() (git-fixes).
- char: xillybus: Refine workqueue handling (git-fixes).
- char: xillybus: Don't destroy workqueue from work item running
on it (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
(stable-fixes).
- drm/amdgpu/jpeg4: properly set atomics vmid field
(stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
(stable-fixes).
- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
amdgpu_vm_pt_parent (stable-fixes).
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
(git-fixes).
- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
(stable-fixes).
- drm/msm/dpu: capture snapshot on the first commit_done timeout
(stable-fixes).
- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions
(stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels
(stable-fixes).
- gpio: sysfs: extend the critical section for unregistering
sysfs devices (stable-fixes).
- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).
- hwmon: (pc87360) Bounds check data->innr usage (stable-fixes).
- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
(stable-fixes).
- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).
- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys
(stable-fixes).
- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).
- drm/msm/mdss: switch mdss to use devm_of_icc_get()
(stable-fixes).
- drm/msm/dpu: try multirect based on mdp clock limits
(stable-fixes).
- drm/msm: Reduce fallout of fence signaling vs reclaim hangs
(stable-fixes).
- drm/rockchip: vop2: clear afbc en and transform bit for cluster
window at linear mode (stable-fixes).
- Bluetooth: hci_conn: Check non NULL function before calling
for HFP offload (stable-fixes).
- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).
- i2c: riic: avoid potential division by zero (stable-fixes).
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer
(stable-fixes).
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times
out (stable-fixes).
- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is
pending before suspend (stable-fixes).
- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).
- clk: visconti: Add bounds-checking coverage for struct
visconti_pll_provider (stable-fixes).
- hwmon: (ltc2992) Avoid division by zero (stable-fixes).
- commit 1b92ddd
- jump_label: Fix the fix, brown paper bags galore (git-fixes).
- commit 89b2827
- jump_label: Simplify and clarify
static_key_fast_inc_cpus_locked() (git-fixes).
- commit 954eaa3
- jump_label: Clarify condition in
static_key_fast_inc_not_disabled() (git-fixes).
- commit eb457dc
- jump_label: Fix concurrency issues in static_key_slow_dec()
(git-fixes).
- commit 6e92a06
- tracing: Return from tracing_buffers_read() if the file has
been closed (bsc#1229136 git-fixes).
- commit 8dc8510
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit e8b168b
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- commit 2f9e2b1
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
(git-fixes).
- commit 4045c94
- wifi: mac80211: fix NULL dereference at band check in starting
tx ba session (CVE-2024-43911 bsc#1229827).
- commit 0892b94
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit b90dd07
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
(CVE-2024-42277 bsc#1229409).
- commit ede2511
- Update references patches.suse/drm-amd-display-Add-null-checks-for-stream-and-plane.patch (CVE-2024-43904 bsc#1229768 stable-fixes)
- commit aaa26ef
- kabi: lib: objagg: Put back removed metod in struct objagg_ops
(CVE-2024-43880 bsc#1229481).
- commit 9566f2d
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 66e8d18
- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 1811990
- blacklist.conf: add 56769ba4b297a629148eb24d554aef72d1ddfd9e
- commit e1cb2aa
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 7a21b9d
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book3 Ultra (stable-fixes).
- ASoC: allow module autoloading for table board_ids
(stable-fixes).
- ASoC: allow module autoloading for table db1200_pids
(stable-fixes).
- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile
(stable-fixes).
- ASoC: SOF: mediatek: Add missing board compatible
(stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
(stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
(stable-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop
14-ey0xxx (stable-fixes).
- ALSA: hda/realtek: Implement sound init sequence for Samsung
Galaxy Book3 Pro 360 (stable-fixes).
- commit 97adcb2
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
(CVE-2024-43880 bsc#1229481).
- commit d9a404d
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B
pins (git-fixes).
- pinctrl: starfive: jh7110: Correct the level trigger
configuration of iev register (git-fixes).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for
PULL_PU_PD_RSEL_TYPE (git-fixes).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (git-fixes).
- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).
- ASoC: amd: acp: fix module autoloading (git-fixes).
- ALSA: seq: Skip event type filtering for UMP events (git-fixes).
- commit 3fa4a0b
- ice: Fix NULL pointer access, if PF doesn't support SRIOV_LAG
(bsc#1228737).
- commit f1a9730
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- commit ae735c0
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010 bsc#1223720).
- commit 8c34ee8
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 052d917
- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit e31d466
- mm/userfaultfd: reset ptes when close() for wr-protected ones
(CVE-2024-36881 bsc#1225718).
- commit 2267d46
- mm/mglru: fix div-by-zero in vmpressure_calc_level()
(CVE-2024-42316 bsc#1229353).
- commit ba00671
- md/raid1: set max_sectors during early return from
choose_slow_rdev() (git-fixes).
- md/raid5: recheck if reshape has finished with device_lock held
(git-fixes).
- md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl
(git-fixes).
- md/raid5: fix spares errors about rcu usage (git-fixes).
- md/md-bitmap: fix writing non bitmap pages (git-fixes).
- md: fix deadlock between mddev_suspend and flush bio
(bsc#1229342, CVE-2024-43855).
- md: change the return value type of md_write_start to void
(git-fixes).
- md: do not delete safemode_timer in mddev_suspend (git-fixes).
- md: don't account sync_io if iostats of the disk is disabled
(git-fixes).
- md: add check for sleepers in md_wakeup_thread() (git-fixes).
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (git-fixes).
- md: add a mddev_add_trace_msg helper (git-fixes).
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in
raid5d"" (git-fixes).
- md: fix a suspicious RCU usage warning (git-fixes).
- md/raid1: support read error check (git-fixes).
- commit f1ec0d4
- md: factor out a helper exceed_read_errors() to check
read_errors (git-fixes).
- Refresh for the above change,
patches.suse/md-display-timeout-error.patch.
patches.suse/md-raid1-10-add-a-helper-raid1_check_read_range-f298.patch.
- commit 035e3f0
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
(git-fixes).
- commit 5cc0fdd
- net/mlx5e: Fix CT entry update leaks of modify header context (CVE-2024-43864 bsc#1229496)
- commit 316a4fe
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
gcc version dependent, at least on ppc
- commit 16da158
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
(bsc#1226846 CVE-2024-38596).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
(git-fixes bsc#1226846).
- commit 7ceb0cd
- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
(CVE-2024-26631 bsc#1221630).
- commit 317a097
- netfilter: nf_tables: unconditionally flush pending work before notifier (CVE-2024-42109 bsc#1228505)
- commit 7a6a06c
- cxl/region: Avoid null pointer dereference in region lookup (CVE-2024-41084 bsc#1228472)
- commit fc1408b
- cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472)
- commit ac0e984
- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 6fcd399
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit c55beb2
- swiotlb: do not set total_used to 0 in
swiotlb_create_debugfs_files() (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
(git-fixes).
- commit 99fe6bb
- x86/kaslr: Expose and use the end of the physical memory
address space (bsc#1229443).
- commit 5b98c4e
- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 67db543
- iommu: Add kABI workaround patch (bsc#1223742
CVE-2024-27079).
- commit c4ebc76
- btrfs: copy dir permission and time when creating a stub
subvolume (bsc#1228321).
- commit 46e95d1
- nouveau/firmware: use dma non-coherent allocator (git-fixes).
- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1
(git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
(git-fixes).
- drm/msm/dp: reset the link phy params before link training
(git-fixes).
- drm/msm/dp: fix the max supported bpp logic (git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
(git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
(git-fixes).
- commit ec72baf
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 2c615e8
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit 45c2786
- vfio: Introduce interface to flush virqfd inject workqueue
(CVE-2024-26812 bsc#1222808).
- commit 0704da7
- vfio/pci: Create persistent INTx handler (CVE-2024-26812
bsc#1222808).
- commit c0eeff7
- netfilter: nf_tables: discard table flag update with pending
basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
updates (CVE-2024-35897 bsc#1224510).
- commit bc3bca5
- kabi: restore const specifier in flow_offload_route_init()
(CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
setting up flow (CVE-2024-27403 bsc#1224415).
- commit f1d28bc
- Bluetooth: MGMT: Add error handling to pair_device()
(git-fixes).
- Bluetooth: SMP: Fix assumption of Central always being Initiator
(git-fixes).
- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).
- commit 82ede4a
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit df3e052
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- commit acfc6dd
- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).
- commit ca5dde8
- KVM: Stop processing *all* memslots when "null" mmu_notifier
handler is found (git-fixes).
- commit edcaf30
- virt: guest_memfd: fix reference leak on hwpoisoned page
(git-fixes).
- commit 7ac89c3
- KVM: arm64: AArch32: Fix spurious trapping of conditional
instructions (git-fixes).
- commit 6b4a32b
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
(git-fixes).
- commit d2c979d
- KVM: arm64: Fix AArch32 register narrowing on userspace write
(git-fixes).
- commit c002253
- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).
- commit 9570c83
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (git-fixes).
- commit bbeeae4
- iommu: Add static iommu_ops->release_domain (bsc#1223742
CVE-2024-27079).
- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
CVE-2024-27079).
- Refresh
patches.suse/iommu-vt-d-Fix-WARN_ON-in-iommu-probe-path.patch.
- commit 5ddde3c
- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with
KVM_MEM_READONLY (git-fixes).
- commit 7a71a2a
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
(git-fixes).
- commit ebc54df
- KVM: arm64: vgic-its: Test for valid IRQ in
its_sync_lpi_pending_table() (git-fixes).
- commit 989930f
- KVM: arm64: Add missing memory barriers when switching to
pKVM's hyp pgd (git-fixes).
- commit 5599b84
- KVM: arm64: vgic-v4: Restore pending state on host userspace
write (git-fixes).
- commit ba9826d
- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy
(git-fixes).
- commit 26e04aa
- KVM: arm64: vgic: Add a non-locking primitive for
kvm_vgic_vcpu_destroy() (git-fixes).
- commit 686bc1c
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 8ea214b
- netfilter: nf_tables: set dormant flag on hook register failure
(CVE-2024-26835 bsc#1222967).
- commit 8f4d028
- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).
- commit 3a96863
- Revert "KVM: Prevent module exit until all VMs are freed"
(git-fixes).
- commit c075225
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 7f0379b
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI
(git-fixes).
- commit 919175d
- netfilter: nft_set_pipapo: release elements in clone only from
destroy path (CVE-2024-26809 bsc#1222633).
- commit d3a3287
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
(git-fixes).
- commit 7b3deae
- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2
(git-fixes).
- commit 48c0cad
- netfilter: nf_tables: fix memleak when more than 255 elements
expired (CVE-2023-52581 bsc#1220877).
- commit 26441fd
- KVM: Protect vcpu->pid dereference via debugfs with RCU
(git-fixes).
- commit 55ae2a6
- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init()
(git-fixes).
- commit f80cefe
- bpf: Fix updating attached freplace prog in prog_array map
(bsc#1229297 CVE-2024-43837).
- commit a9d7d77
- dma-direct: Leak pages on dma_set_decrypted() failure (bsc#1224535 CVE-2024-35939).
- commit 7de8166
- ice: Add a per-VF limit on number of FDIR filters
(CVE-2024-42291 bsc#1229374).
- commit ee2b93b
- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
bsc#1229391).
- commit 268cdf6
- selftests/bpf: Add a test to verify previous stacksafe() fix
(bsc#1225903).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit dab2844
- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 6348ec4
- clk: mediatek: mt7622-apmixedsys: Fix an error handling path
in clk_mt8135_apmixed_probe() (bsc#1224711 CVE-2024-27433).
- commit 30e1ef1
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 3278d5d
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit 26814d6
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit 6ad2cbe
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
(CVE-2024-40920 bsc#1227781).
- net: bridge: mst: pass vlan group directly to
br_mst_vlan_set_state (CVE-2024-40921 bsc#1227784).
- net: bridge: mst: fix vlan use-after-free (CVE-2024-36979
bsc#1226604).
- commit 7beae73
- blacklist.conf: git-fixes f2eaed1565acc2bdeb5c433f5f6c7bd7a0d62db1
blacklisted since it involves backporting many other commits not
that are relevnat only to gdb debug scripts and whose dependent
commits may break kABI.
- commit 323e420
- erofs: fix inconsistent per-file compression format (bsc#1220252, CVE-2024-26590).
- commit 4f99bd1
- perf: hisi: Fix use-after-free when register pmu fails
(bsc#1225582 CVE-2023-52859).
- commit a50ce06
- printk/panic: Allow cpu backtraces to be written into ringbuffer
during panic (bsc#1225607).
- commit 1ebfff4
- net: drop bad gso csum_start and offset in virtio_net_hdr
(git-fixes).
- commit 6d27b13
- selftests/bpf: Test for null-pointer-deref bugfix in
resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit 37e60d8
- bpf: simplify btf_get_prog_ctx_type() into
btf_is_prog_ctx_type() (git-fixes).
- Refresh patches.suse/bpf-don-t-infer-PTR_TO_CTX-for-programs-with-unnamed.patch
- Refresh patches.suse/bpf-handle-bpf_user_pt_regs_t-typedef-explicitly-for.patch
- bpf: extract bpf_ctx_convert_map logic and make it more reusable
(git-fixes).
- Refresh patches.suse/bpf-handle-bpf_user_pt_regs_t-typedef-explicitly-for.patch
- commit a1a0c24
- vhost: Release worker mutex during flushes (git-fixes).
- commit be0d4d9
- virtio: reenable config if freezing device failed (git-fixes).
- commit d96d64e
- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS
(git-fixes).
- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- commit 4fa6f6d
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (CVE-2024-42270 bsc#1229404)
- commit eb407e1
- netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (CVE-2024-42269 bsc#1229402)
- commit 6f31e8c
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 003e7ab
- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit dd830eb
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 683a109
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit bc065ac
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit 5abcd51
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
(git-fixes).
- commit efaee02
- net: missing check virtio (git-fixes).
- commit 547a4d8
- vhost/vsock: always initialize seqpacket_allow (git-fixes).
- commit 1501797
- vhost: Use virtqueue mutex for swapping worker (git-fixes).
- commit ee31e9d
- nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857).
- nvme-sysfs: add 'tls_configured_key' sysfs attribute
(bsc#1221857).
- nvme: split off TLS sysfs attributes into a separate group
(bsc#1221857).
- nvme: add a newline to the 'tls_key' sysfs attribute
(bsc#1221857).
- nvme-tcp: check for invalidated or revoked key (bsc#1221857).
- nvme-tcp: sanitize TLS key handling (bsc#1221857).
- nvme: tcp: remove unnecessary goto statement (bsc#1221857).
- commit 95902b1
- Refresh patches.suse/nvme-fabrics-typo-in-nvmf_parse_key.patch.
Move into sorted section.
- commit 24e43c3
- vhost-scsi: Handle vhost_vq_work_queue failures for events
(git-fixes).
- commit bb54ef9
- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit ddc1933
- Update
patches.suse/nvme-tcp-fix-compile-time-checks-for-TLS-mode.patch
(jsc#PED-6252 jsc#PED-5728 jsc#PED-5062 jsc#PED-3535
bsc#1221857).
Fix backporting error.
- commit 35c7df3
- Update parport patch reference (CVE-2024-42301 bsc#1229407)
- commit 6707829
- Refresh
patches.suse/nvme-tcp-strict-pdu-pacing-to-avoid-send-stalls-on-T.patch.
Use the version which got upload upstream.
- commit 4896f98
- blacklist.conf: add ffe6176b7f53 ("virtio: store owner from modules
with register_virtio_driver()")
- commit 08df841
- virtio_net: use u64_stats_t infra to avoid data-races
(git-fixes).
- commit 1825530
- usb: typec: fsa4480: Check if the chip is really there
(git-fixes).
- commit 771af75
- usb: typec: fsa4480: Add support to swap SBU orientation
(git-fixes).
- commit b744e01
- usb: typec: fsa4480: add support for Audio Accessory Mode
(git-fixes).
- commit 471d14e
- usb: typec: fsa4480: rework mux & switch setup to handle more
states (git-fixes).
- commit dc03605
- irqchip/imx-irqsteer: Handle runtime power management correctly
(CVE-2024-42290 bsc#1229379).
- commit a3bbc63
- landlock: Don't lose track of restrictions on cred_transfer
(bsc#1229351 CVE-2024-42318).
- commit e161e74
- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 7a47d08
- kABI fix of: virtio-crypto: handle config changed by work queue
(git-fixes).
- commit 2e4646f
- nvme-multipath: implement "queue-depth" iopolicy (bsc#1227706).
- nvme-multipath: prepare for "queue-depth" iopolicy
(bsc#1227706).
- commit 796fd31
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
(bsc#1229370 CVE-2024-42295).
- commit 34231c4
- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)
- commit 6f29859
- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)
- commit 6b6ab8a
- soc: qcom: icc-bwmon: Fix refcount imbalance seen during
bwmon_remove (CVE-2024-43850 bsc#1229316).
- soc: qcom: icc-bwmon: Set default thresholds dynamically
(CVE-2024-43850 bsc#1229316).
- commit e842a77
- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)
- commit 88b7cca
- arm64: dts: imx8mp: Add NPU Node (git-fixes)
- commit 55a2e84
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit a7b1ec0
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- net: mana: Add support for page sizes other than 4KB on ARM64
(jsc#PED-8491 bsc#1226530).
- commit 24750b5
- Squashfs: fix variable overflow triggered by sysbot (git-fixes).
- commit 90b77e5
- squashfs: squashfs_read_data need to check if the length is 0
(git-fixes).
- commit 1ab3d64
- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- commit f862c1b
- jfs: fix null ptr deref in dtInsertEntry (git-fixes).
- commit 72d65ab
- reiserfs: fix uninit-value in comp_keys (git-fixes).
- commit aeea4b8
- Update
patches.suse/0001-netlink-add-nla-be16-32-types-to-minlen-array.patch
(CVE-2024-26849 bsc#1223053).
Fixes: 2747893c94d9b55340403026d9430f2f93947449
- commit 4cf09d7
- virtio-crypto: handle config changed by work queue (git-fixes).
- Refresh
patches.suse/crypto-virtio-Wait-for-tasklet-to-complete-on-device.patch.
- commit 3719b45
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229456).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
(bsc#1229455).
- commit 1ffdccd
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229452).
- commit 421d882
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/tools-Disable-__packed-attribute-compiler-warning-due-to-Werror-attributes.patch.
- commit a7c7d40
- net/iucv: fix the allocation size of iucv_path_table array
(git-fixes bsc#1229451).
- commit 4e0b259
- blacklist.conf: we don't enable CONFIG_CPUMASK_OFFSTACK on s390
- commit 8a36035
- Refresh patches.suse/0001-drm-mst-Fix-NULL-pointer-dereference-at-drm_dp_add_p.patch (git-fixes)
Alt-commit
- commit 98e41cf
- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
Alt-commit
- commit 11ef901
- Refresh patches.suse/drm-amd-display-Send-DTBCLK-disable-message-on-first.patch (git-fixes)
Alt-commit
- commit 6d9aa0a
- Refresh patches.suse/drm-amd-display-Fix-DPSTREAM-CLK-on-and-off-sequence.patch (git-fixes)
Alt-commit
- commit 24768b9
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit 35aaaf5
- HID: wacom: Defer calculation of resolution until
resolution_code is known (git-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
(stable-fixes).
- commit a485c9b
- blacklist.conf: Add libata upstream revert entry (bsc#1229054)
- commit 5ded40a
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit f593f1f
- kABI fix for net/sched: flower: Fix chain template offload
(CVE-2024-26669 bsc#1222350).
- net/sched: flower: Fix chain template offload (CVE-2024-26669
bsc#1222350).
- commit 43f1cd6
- kABI fix for rxrpc: Fix delayed ACKs to not set the reference
serial number (CVE-2024-26677 bsc#1222387).
- rxrpc: Fix delayed ACKs to not set the reference serial number
(CVE-2024-26677 bsc#1222387).
- commit c3c3a27
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit fd7ec4b
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- commit c717fae
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- nfs: pass explicit offset/count to trace events (git-fixes).
- commit 6f41a0a
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
(git-fixes).
- NFSD: Support write delegations in LAYOUTGET (git-fixes).
- nfs: don't invalidate dentries on transient errors (git-fixes).
- nfs: propagate readlink errors in nfs_symlink_filler
(git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
(git-fixes).
- commit 6ab4001
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740 bsc#1228466).
- Update
patches.suse/cachefiles-add-missing-lock-protection-when-polling.patch
(bsc#1229256 CVE-2024-42250 bsc#1228977).
- Update
patches.suse/cachefiles-defer-exposing-anon_fd-until-after-copy_to.patch
(bsc#1229251 CVE-2024-40913 bsc#1227839).
- Update
patches.suse/cachefiles-fix-slab-use-after-free-in-cachefiles_onde.patch
(bsc#1229247 CVE-2024-39510 bsc#1227734).
- Update
patches.suse/cachefiles-fix-slab-use-after-free-in-cachefiles_ondemand_daemon_read.patch
(bsc#1229246 CVE-2024-40899 bsc#1227758).
- Update
patches.suse/drm-i915-gem-Fix-Virtual-Memory-mapping-boundaries-c.patch
(git-fixes CVE-2024-42259 bsc#1229156).
- Update
patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
(bsc#1194869 CVE-2024-41065 bsc#1228636).
- commit 3fec826
- char: xillybus: Check USB endpoints when probing device
(git-fixes).
- Revert "misc: fastrpc: Restrict untrusted app to attach to
privileged PD" (git-fixes).
- tty: atmel_serial: use the correct RTS flag (git-fixes).
- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
(git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed
re-enumeration (git-fixes).
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
(git-fixes).
- commit e3fe681
- blacklist.conf: add unwanted nfs/sunrpc patch
- commit 405ec89
- Refresh patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
Add git-commit
- commit 7a1e763
- xfs: attr forks require attr, not attr2 (git-fixes).
- commit d1644af
- i2c: qcom-geni: Add missing geni_icc_disable in
geni_i2c_runtime_resume (git-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
(git-fixes).
- commit 37fcb0e
- Move upstreamed powerpc patches into sorted section
- commit 7bdd775
- xfs: journal geometry is not properly bounds checked
(git-fixes).
- commit 7680aeb
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit a300263
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit a089c62
- spi: Add empty versions of ACPI functions (stable-fixes).
- i2c: Fix conditional for substituting empty ACPI functions
(stable-fixes).
- commit 3dc083c
- gpio: mlxbf3: Support shutdown() function (git-fixes).
- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
(stable-fixes).
- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
(stable-fixes).
- ALSA: hda/realtek: Add support for new HP G12 laptops
(stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes).
- drm/amd/display: Adjust cursor position (git-fixes).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- device property: Add cleanup.h based fwnode_handle_put()
scope based cleanup (stable-fixes).
- commit 51be9a0
- xfs: allow cross-linking special files without project quota
(git-fixes).
- commit 8d26aca
- KVM: nVMX: Check for pending posted interrupts when looking
for nested events (git-fixes).
- commit 0b1027c
- KVM: VMX: Split out the non-virtualization part of
vmx_interrupt_blocked() (git-fixes).
- commit 47fc351
- xfs: use consistent uid/gid when grabbing dquots for inodes
(git-fixes).
- commit c1c88ce
- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs
(git-fixes).
- commit fae2711
- xfs: allow unlinked symlinks and dirs with zero size
(git-fixes).
- commit 184b713
- blacklist.conf: add f99b052256f1 ("KVM: SNP: Fix LBR Virtualization for SNP guest")
- commit c9ad47e
- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE
(git-fixes).
- commit 96acab8
- xfs: fix unlink vs cluster buffer instantiation race
(git-fixes).
- commit 0ae592b
- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent
later (git-fixes).
- commit 730a4f0
- xfs: match lock mode in xfs_buffered_write_iomap_begin()
(git-fixes).
- commit e70a195
- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log
intent item recovery (git-fixes).
- commit 85919a1
- xfs: don't use current->journal_info (git-fixes).
- commit d96f684
- KVM: nVMX: Request immediate exit iff pending nested event
needs injection (git-fixes).
- commit 9d306b8
- cachefiles: add missing lock protection when polling
(bsc#1229256).
- cachefiles: cyclic allocation of msg_id to avoid reuse
(bsc#1228499 CVE-2024-41050).
- cachefiles: wait for ondemand_object_worker to finish when
dropping object (bsc#1228468 CVE-2024-41051).
- cachefiles: cancel all requests for the object that is being
dropped (bsc#1229255).
- cachefiles: stop sending new request when dropping object
(bsc#1229254).
- cachefiles: propagate errors from vfs_getxattr() to avoid
infinite loop (bsc#1229253).
- cachefiles: make on-demand read killable (bsc#1229252).
- cachefiles: Set object to close if ondemand_id < 0 in copen
(bsc#1228643 CVE-2024-41074).
- cachefiles: defer exposing anon_fd until after copy_to_user()
succeeds (bsc#1229251).
- cachefiles: never get a new anonymous fd if ondemand_id is valid
(bsc#1229250).
- cachefiles: add spin_lock for cachefiles_ondemand_info
(bsc#1229249).
- cachefiles: add consistency check for copen/cread (bsc#1228646
CVE-2024-41075).
- cachefiles: remove err_put_fd label in
cachefiles_ondemand_daemon_read() (bsc#1229248).
- cachefiles: fix slab-use-after-free in
cachefiles_ondemand_daemon_read() (bsc#1229247).
- cachefiles: fix slab-use-after-free in
cachefiles_ondemand_get_fd() (bsc#1229246).
- cachefiles, erofs: Fix NULL deref in when cachefiles is not
doing ondemand-mode (bsc#1229245).
- cachefiles: add restore command to recover inflight ondemand
read requests (bsc#1229244).
- cachefiles: narrow the scope of triggering EPOLLIN events in
ondemand mode (bsc#1229243).
- cachefiles: resend an open request if the read request's object
is closed (bsc#1229241).
- cachefiles: extract ondemand info field from cachefiles_object
(bsc#1229240).
- cachefiles: introduce object ondemand state (bsc#1229239).
- commit 3d893c5
- KVM: nVMX: Add a helper to get highest pending from Posted
Interrupt vector (git-fixes).
- commit ebf04ff
- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in
vmx_exit() (git-fixes).
- commit 8ef91ee
- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).
- commit 395837f
- KVM: VMX: Move posted interrupt descriptor out of VMX code
(git-fixes).
- commit feb966b
- xfs: allow symlinks with short remote targets (bsc#1229160).
- commit e82d4ad
- blacklist.conf: add 1c682593096a ("xen: privcmd: Switch from mutex to spinlock for irqfds")
- commit 46d4480
- x86/xen: Convert comma to semicolon (git-fixes).
- commit c8d2d16
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
(bsc#1229086).
- commit 59cb1c7
- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
(git-fixes).
- net: ethernet: mtk_wed: fix use-after-free panic in
mtk_wed_setup_tc_block_cb() (git-fixes).
- media: Revert "media: dvb-usb: Fix unexpected infinite loop
in dvb_usb_read_remote_control()" (git-fixes).
- commit daf04e2
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit a736b9b
- io_uring: fix possible deadlock in
io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit eae6448
- io_uring: fix io_match_task must_hold (git-fixes).
- io_uring: tighten task exit cancellations (git-fixes).
- commit f9ce2d8
- io_uring: Fix probe of disabled operations (git-fixes).
- io_uring/advise: support 64-bit lengths (git-fixes).
- commit 7566a8d
- io_uring: Drop per-ctx dummy_ubuf (git-fixes).
- commit 2717cc1
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
(bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
(bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
(bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
(bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- commit 4e7f0fe
- blacklist.conf: Add a bunch of superfluous ppc changes reported by
git-fixes.
- commit 7c2a851
- blacklist.conf: Add ppc more ppc unsupported arch paths and commits.
- commit 66e06b4
- blacklist.conf: Add more ppc 32bit paths.
- commit 013a9db
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit e589bbc
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit 0d04176
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit 6a5ea61
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit f75d6ba
- arm64: errata: Unify speculative SSBS errata logic (git-fixes).
Update config files.
- commit ffaab08
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 3c8ddb7
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit f5fd7c6
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit d87d988
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
and enable around.
- commit b3747ef
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 78aeee9
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit 2841965
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 5c935b6
- arm64: Add Neoverse-V2 part (git-fixes)
- commit 0f9f30b
- net/rds: fix possible cp null dereference (git-fixes).
- commit cac3126
- s390/pci: Add missing virt_to_phys() for directed DIBV
(git-fixes bsc#1229174).
- commit ea8e3e7
- s390/dasd: fix error checks in dasd_copy_pair_store()
(git-fixes bsc#1229173).
- commit f5c4fe8
- s390/pci: Allow allocation of more than 1 MSI interrupt
(git-fixes bsc#1229172).
- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes
bsc#1229172).
- commit ad8c54b
- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes
bsc#1229171).
- commit 94c7469
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229170).
- commit 447c271
- s390/sclp: Prevent release of buffer in I/O (git-fixes
bsc#1229169).
- commit 9daf007
- kvm: s390: Reject memory region operations for ucontrol VMs
(git-fixes bsc#1229168).
- commit 14a9742
- KVM: s390: fix validity interception issue when gisa is switched
off (git-fixes bsc#1229167).
- commit 5c4e348
- Update patch reference of USB patch (jsc#PED-10108)
- commit edfa08b
- USB: serial: debug: do not echo input by default (stable-fixes).
- usb: vhci-hcd: Do not drop references before new references
are gained (stable-fixes).
- serial: core: check uartclk for zero to avoid divide by zero
(stable-fixes).
- media: xc2028: avoid use-after-free in load_firmware_cb()
(stable-fixes).
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x
(stable-fixes).
- media: uvcvideo: Ignore empty TS packets (stable-fixes).
- media: amphion: Remove lock in s_ctrl callback (stable-fixes).
- wifi: nl80211: don't give key data to userspace (stable-fixes).
- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup()
(stable-fixes).
- wifi: nl80211: disallow setting special AP channel widths
(stable-fixes).
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes).
- commit 2335bf9
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/i915/gem: Adjust vma offset for framebuffer mmap offset
(stable-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(stable-fixes).
- drm/amdgpu: Forward soft recovery errors to userspace
(stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
(stable-fixes).
- drm/mediatek/dp: Fix spurious kfree() (git-fixes).
- drm/amd/display: Add null checker before passing variables
(stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
dereferencing in amdgpu_dm_plane_handle_cursor_update"
(stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
(stable-fixes).
- drm/radeon: Remove __counted_by from StateArray.states[]
(git-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/admgpu: fix dereferencing null pointer context
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
(stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
(stable-fixes).
- drm/amdgpu: fix potential resource leak warning (stable-fixes).
- drm/amd/display: Add delay to improve LTTPR UHBR interop
(stable-fixes).
- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when
driver unloading (stable-fixes).
- can: mcp251xfd: tef: update workaround for erratum DS80000789E
6 of mcp2518fd (stable-fixes).
- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO
tail index erratum (stable-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core
(stable-fixes).
- ACPI: battery: create alarm sysfs attribute atomically
(stable-fixes).
- clocksource/drivers/sh_cmt: Address race condition for clock
events (stable-fixes).
- commit 2a8ca72
- Update patch reference for SPI patch (jsc#PED-10105)
- commit a896d55
- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634
git-fixes).
- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- commit 576de67
- kernfs: Convert kernfs_path_from_node_locked() from strlcpy()
to strscpy() (bsc#1229134).
- Refresh
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch.
- commit bc8376b
- Update patch reference for iwlwifi fix (jsc#PED-10055)
- commit 73fda85
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(bsc#1229056).
- commit 0ae7f4e
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
(git-fixes).
- bpf: don't infer PTR_TO_CTX for programs with unnamed context
type (git-fixes).
- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX
global arg (git-fixes).
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace
correctly (git-fixes).
- commit dd0591b
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit 12865c8
- tools/resolve_btfids: Fix comparison of distinct pointer types
warning in resolve_btfids (git-fixes).
- tools/resolve_btfids: fix build with musl libc (git-fixes).
- commit f42b517
- btrfs: fix leak of qgroup extent records after transaction abort
(git-fixes).
- btrfs: fix ordered extent split error handling in
btrfs_dio_submit_io (git-fixes).
- btrfs: use irq safe locking when running and adding delayed
iputs (git-fixes).
- commit 59b18df
- btrfs: fix extent map use-after-free when adding pages to
compressed bio (git-fixes).
- commit b3e7c96
- Drop libata patch that caused a regression (bsc#1229054)
- commit 3d5faca
- btrfs: fix double inode unlock for direct IO sync writes
(git-fixes).
- btrfs: fix corruption after buffer fault in during direct IO
append write (git-fixes).
- btrfs: use a btrfs_inode local variable at btrfs_sync_file()
(git-fixes).
- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range()
(git-fixes).
- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range()
(git-fixes).
- btrfs: use a btrfs_inode in the log context (struct
btrfs_log_ctx) (git-fixes).
- btrfs: make btrfs_finish_ordered_extent() return void
(git-fixes).
- btrfs: ensure fast fsync waits for ordered extents after a
write failure (git-fixes).
- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).
- btrfs: uninline some static inline helpers from tree-log.h
(git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete buffered
writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete direct writes
(git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete compressed
writes (git-fixes).
- btrfs: open code end_extent_writepage in
end_bio_extent_writepage (git-fixes).
- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).
- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).
- btrfs: factor out a can_finish_ordered_extent helper
(git-fixes).
- btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes).
- btrfs: add an ordered_extent pointer to struct btrfs_bio
(git-fixes).
- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io
(git-fixes).
- btrfs: add a is_data_bbio helper (git-fixes).
- btrfs: remove btrfs_add_ordered_extent (git-fixes).
- btrfs: pass an ordered_extent to btrfs_submit_compressed_write
(git-fixes).
- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums
(git-fixes).
- btrfs: merge the two calls to btrfs_add_ordered_extent in
run_delalloc_nocow (git-fixes).
- btrfs: limit write bios to a single ordered extent (git-fixes).
- commit 90ea198
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit 3d340df
- Update patch reference for MD patch (jsc#PED-10029 jsc#PED-10045)
- commit 1bf8fd1
- Update patch refefernce for MFD patch (jsc#PED-10029)
- commit f36d989
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit c606582
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 4007799
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 9854658
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 0a84b39
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 85ba4b7
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 1b89039
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 73c2646
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit 9e31807
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit f6baa58
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit 07f864e
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit d5ea9be
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit d314cb6
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit b00829d
- tools/resolve_btfids: Fix cross-compilation to non-host
endianness (git-fixes).
- tools/resolve_btfids: Refactor set sorting with types from
btf_ids.h (git-fixes).
- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).
- commit 6fc7b9e
- libbpf: Add missing LIBBPF_API annotation to
libbpf_set_memlock_rlim API (git-fixes).
- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).
- libbpf: Fix faccessat() usage on Android (git-fixes).
- selftests/bpf: Wait for the netstamp_needed_key static key to
be turned on (git-fixes).
- commit 89d6f3b
- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY
values (git-fixes).
- libbpf: Apply map_set_def_max_entries() for inner_maps on
creation (git-fixes).
- selftests/bpf: Fix potential premature unload in bpf_testmod
(git-fixes).
- bpftool: Silence build warning about calloc() (git-fixes).
- commit 7aaf2fc
- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).
- Refresh
patches.suse/x86-uaccess-Fix-missed-zeroing-of-ia32-u64-get_user-range-.patch.
- commit 97ffc68
- selftests/bpf: Fix up xdp bonding test wrt feature flags
(git-fixes).
- selftests/bpf: fix compiler warnings in RELEASE=1 mode
(git-fixes).
- selftests/bpf: Relax time_tai test for equal timestamps in
tai_forward (git-fixes).
- bpf: Set uattr->batch.count as zero before batched update or
deletion (git-fixes).
- bpf: Remove unnecessary wait from bpf_map_copy_value()
(git-fixes).
- commit 19ebfe6
- bpf: enforce precision of R0 on callback return (git-fixes).
- selftests/bpf: Fix erroneous bitmask operation (git-fixes).
- bpf/tests: Remove duplicate JSGT tests (git-fixes).
- bpftool: mark orphaned programs during prog show (git-fixes).
- commit 2b6a18e
- bpf: Fix a few selftest failures due to llvm18 change
(git-fixes).
- selftests/bpf: Fix issues in setup_classid_environment()
(git-fixes).
- selftests/bpf: Add assert for user stacks in test_task_stack
(git-fixes).
- selftests/bpf: Fix pyperf180 compilation failure with clang18
(git-fixes).
- bpf: Add crosstask check to __bpf_get_stack (git-fixes).
- commit fce00e9
- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).
- selftests/bpf: satisfy compiler by having explicit return in
btf test (git-fixes).
- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).
- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).
- commit ca200c8
- scsi: mpi3mr: Use proper format specifier in
mpi3mr_sas_port_add() (bsc#1228754 CVE-2024-42159 git-fixes).
- scsi: mpi3mr: Sanitise num_phys (bsc#1228754 CVE-2024-42159).
- commit e024eb0
- tcp_metrics: validate source addr length
(CVE-2024-42154 bsc#1228507).
- commit a83d949
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (git-fixes).
Refresh
patches.suse/selftests-bpf-test-case-for-callback_depth-states-pr.patch.
- selftests/bpf: fix bpf_loop_bench for new callback verification
scheme (git-fixes).
- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).
- selftests/bpf: De-veth-ize the tc_redirect test case
(git-fixes).
- bpf: fix control-flow graph checking in privileged mode
(git-fixes).
- commit 27db2c6
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm
(git-fixes).
- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).
- commit b5c430e
- mm/shmem: disable PMD-sized page cache if needed (CVE-2024-42241
bsc#1228986).
- commit 8ecdd91
- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).
- commit 1d041a1
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit 5407674
- x86/pci: Skip early E820 check for ECAM region (git-fixes).
- commit 7ac1bfc
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 03de6ee
- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).
- commit 41708c1
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit e9979b2
- Revert "sched/fair: Make sure to try to detach at least one
movable task" (CVE-2024-42245 bsc#1228978).
- commit bff0dc0
- selftests/bpf: Make linked_list failure test more robust
(git-fixes).
- bpf: Ensure proper register state printing for cond jumps
(git-fixes).
- commit 2ec4f49
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit f975fdd
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(CVE-2024-26735 bsc#1222372).
- commit 75aaed9
- bpftool: Align output skeleton ELF code (git-fixes).
- samples/bpf: syscall_tp_user: Fix array out-of-bound access
(git-fixes).
- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests
(git-fixes).
- bpf: Fix kfunc callback register type handling (git-fixes).
- commit ee3cca0
- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).
- commit b5b57d0
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod
is not available (git-fixes).
- commit 85b5d5e
- bpftool: Fix -Wcast-qual warning (git-fixes).
- commit 0417873
- net: bridge: switchdev: Skip MDB replays of deferred events
on offload (CVE-2024-26837 bsc#1222973).
- commit 2f55c98
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- s390/pkey: Wipe copies of clear-key structures on failure
(CVE-2024-42156 bsc#1228722).
- s390/pkey: Wipe sensitive data on failure (CVE-2024-42157
bsc#1228727).
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).
- s390/pkey: harmonize pkey s390 debug feature calls
(bsc#1228720).
- commit 72f0617
- usb: gadget: u_serial: Set start_delayed during suspend
(git-fixes).
- usb: gadget: core: Check for unset descriptor (git-fixes).
- usb: gadget: u_audio: Check return codes from usb_ep_enable
and config_ep_by_speed (git-fixes).
- driver core: Fix uevent_show() vs driver detach race
(git-fixes).
- thermal/drivers/broadcom: Fix race between removal and clock
disable (git-fixes).
- thermal: bcm2835: Convert to platform remove callback returning
void (stable-fixes).
- commit 9bfd8af
- selftests/bpf: Cover verifier checks for mutating
sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
allowed (bsc#1226885 CVE-2024-38662).
- commit 7f528cf
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- i2c: qcom-geni: Add missing geni_icc_disable in
geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing clk_disable_unprepare in
geni_i2c_runtime_resume (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source
not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
(git-fixes).
- drm/client: fix null pointer dereference in
drm_client_modeset_probe (git-fixes).
- commit e093c66
- Update patch references for ASoC regression fixes (bsc#1229045 bsc#1229046)
- commit 4e3f007
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- Moved upstreamed ASoC patch into sorted section
- commit 3058bc3
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value
(stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
(stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire
(stable-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask
(stable-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value
(stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
(stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire
(stable-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask
(stable-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- commit a8c8868
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit cdc2939
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Split kABI workaround of recent hyperv fixes (bsc#1229040, bsc#1225745, CVE-2024-36911, bsc#1225717, CVE-2024-36910, bsc#1225744, CVE-2024-36909)
- commit 3639306
- Yet more build fix without patches.kabi (bsc#1226502)
- commit 6bc3429
- Fix build errors without patches.kabi (bsc#1226502)
Now patches.suse/x86-Stop-using-weak-symbols-for-__iowrite32_copy.patch
has a full backport and later partially reverted via
patches.kabi/kabi-partial-revert-commit-20516d6e51dd.patch
- commit 44c5e90
- landlock: Fix d_parent walk (CVE-2024-40938 bsc#1227840).
- commit 36de641
- net: fix sk_memory_allocated_{add|sub} vs softirqs
(bsc#1228757).
- commit a963c0f
- minmax: fix up min3() and max3() too (bsc#1229024).
- minmax: improve macro expansion and type checking (bsc#1229024).
- minmax: simplify min()/max()/clamp() implementation
(bsc#1229024).
- minmax: don't use max() in situations that want a C constant
expression (bsc#1229024).
- minmax: make generic MIN() and MAX() macros available everywhere
(bsc#1229024).
- minmax: simplify and clarify min_t()/max_t() implementation
(bsc#1229024).
- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).
- minmax: avoid overly complicated constant expressions in VM code
(bsc#1229024).
- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c
(bsc#1229024).
- commit c64c296
- Update
patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
(stable-fixes CVE-2024-42097 bsc#1228766).
- Update
patches.suse/ASoC-SOF-Intel-hda-fix-null-deref-on-system-suspend-.patch
(git-fixes CVE-2024-41037 bsc#1228508).
- Update
patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
(git-fixes CVE-2024-42074 bsc#1228481).
- Update
patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
(git-fixes CVE-2024-42089 bsc#1228450).
- Update
patches.suse/Bluetooth-ISO-Check-socket-flag-instead-of-hcon.patch
(git-fixes CVE-2024-42141 bsc#1228502).
- Update
patches.suse/Bluetooth-Ignore-too-large-handle-values-in-BIG.patch
(git-fixes CVE-2024-42133 bsc#1228511).
- Update
patches.suse/Bluetooth-hci_core-cancel-all-works-upon-hci_unregis.patch
(stable-fixes CVE-2024-41063 bsc#1228580).
- Update
patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
(git-fixes CVE-2024-42137 bsc#1228563).
- Update patches.suse/PCI-MSI-Fix-UAF-in-msi_capability_init.patch
(git-fixes CVE-2024-41096 bsc#1228479).
- Update
patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
(git-fixes CVE-2024-42080 bsc#1228673).
- Update
patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
(git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
(git-fixes CVE-2024-42244 bsc#1228967).
- Update
patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
(git-fixes CVE-2024-41098 bsc#1228467).
- Update
patches.suse/bluetooth-hci-disallow-setting-handle-bigger-than-HC.patch
(git-fixes CVE-2024-42132 bsc#1228492).
- Update
patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
(bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
patches.suse/can-mcp251xfd-fix-infinite-loop-when-xmit-fails.patch
(git-fixes CVE-2024-41088 bsc#1228469).
- Update
patches.suse/cdrom-rearrange-last_media_change-check-to-avoid-uni.patch
(stable-fixes CVE-2024-42136 bsc#1228758).
- Update
patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
(stable-fixes CVE-2024-42229 bsc#1228708).
- Update
patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
(stable-fixes CVE-2024-42098 bsc#1228779).
- Update
patches.suse/drm-amd-display-ASSERT-when-failing-to-find-index-by.patch
(stable-fixes CVE-2024-42117 bsc#1228582).
- Update
patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
(stable-fixes CVE-2024-42121 bsc#1228590).
- Update
patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
(stable-fixes CVE-2024-42120 bsc#1228588).
- Update
patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dml.patch
(stable-fixes CVE-2024-41061 bsc#1228572).
- Update
patches.suse/drm-amd-display-Fix-overlapping-copy-within-dml_core.patch
(stable-fixes CVE-2024-42227 bsc#1228707).
- Update
patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
(stable-fixes CVE-2024-42119 bsc#1228584).
- Update
patches.suse/drm-amd-display-Skip-pipe-if-the-pipe-idx-not-set-pr.patch
(stable-fixes CVE-2024-42064 bsc#1228586).
- Update
patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
(git-fixes CVE-2024-41022 bsc#1228429).
- Update
patches.suse/drm-amdgpu-Using-uninitialized-value-size-when-calli.patch
(stable-fixes CVE-2024-42228 bsc#1228667).
- Update
patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
(stable-fixes CVE-2024-41093 bsc#1228660).
- Update
patches.suse/drm-fbdev-dma-Only-set-smem_start-is-enable-per-modu.patch
(git-fixes CVE-2024-41094 bsc#1228458).
- Update
patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
(git-fixes CVE-2024-41092 bsc#1228483).
- Update
patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
(stable-fixes CVE-2024-42127 bsc#1228721).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
(stable-fixes CVE-2024-41095 bsc#1228662).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
(stable-fixes CVE-2024-41089 bsc#1228658).
- Update
patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
(git-fixes CVE-2024-42101 bsc#1228495).
- Update
patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
(stable-fixes CVE-2024-42087 bsc#1228677).
- Update
patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
(stable-fixes CVE-2024-41060 bsc#1228567).
- Update
patches.suse/filelock-fix-potential-use-after-free-in-posix_lock_inode.patch
(git-fixes CVE-2024-41049 bsc#1228486).
- Update
patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
(git-fixes CVE-2024-41039 bsc#1228515).
- Update
patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
(git-fixes CVE-2024-41038 bsc#1228509).
- Update
patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
(git-fixes CVE-2024-42238 bsc#1228991).
- Update
patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
(git-fixes CVE-2024-41056 bsc#1228480).
- Update
patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
(git-fixes CVE-2024-42237 bsc#1228992).
- Update
patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
(git-fixes CVE-2024-31076 bsc#1226765).
- Update
patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
(git-fixes CVE-2024-42092 bsc#1228447).
- Update
patches.suse/gpio-pca953x-fix-pca953x_irq_bus_sync_unlock-race.patch
(stable-fixes CVE-2024-42253 bsc#1229005).
- Update
patches.suse/i2c-pnx-Fix-potential-deadlock-warning-from-del_time.patch
(git-fixes CVE-2024-42153 bsc#1228510).
- Update
patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
(git-fixes CVE-2024-42086 bsc#1228452).
- Update
patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
(git-fixes CVE-2024-42115 bsc#1228656).
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228192 CVE-2024-42232 bsc#1228959).
- Update
patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
(stable-fixes CVE-2024-42223 bsc#1228726).
- Update
patches.suse/misc-fastrpc-Fix-memory-leak-in-audio-daemon-attach-.patch
(git-fixes CVE-2024-41025 bsc#1228527).
- Update
patches.suse/misc-fastrpc-Restrict-untrusted-app-to-attach-to-pri.patch
(git-fixes CVE-2024-41024 bsc#1228525).
- Update
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-26720 CVE-2024-42131 bsc#1228650).
- Update
patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
(git-fixes CVE-2024-42069 bsc#1228463).
- Update
patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
(git-fixes CVE-2024-42076 bsc#1228484).
- Update
patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
(git-fixes CVE-2023-52887 bsc#1228426).
- Update
patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
(stable-fixes CVE-2024-42130 bsc#1228687).
- Update
patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-direct.patch
(stable-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
(git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
(git-fixes CVE-2024-41079 bsc#1228615).
- Update
patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
(git-fixes CVE-2024-42152 bsc#1228724).
- Update
patches.suse/ocfs2-fix-DIO-failure-due-to-insufficient-transaction-credits.patch
(git-fixes CVE-2024-42077 bsc#1228516).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
(git-fixes CVE-2024-42143 bsc#1228748).
- Update
patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
(git-fixes CVE-2024-42090 bsc#1228449).
- Update
patches.suse/platform-x86-toshiba_acpi-Fix-array-out-of-bounds-ac.patch
(git-fixes CVE-2024-41028 bsc#1228539).
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- Update
patches.suse/thermal-drivers-mediatek-lvts_thermal-Check-NULL-ptr.patch
(stable-fixes CVE-2024-42144 bsc#1228666).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
(git-fixes CVE-2024-42085 bsc#1228456).
- Update
patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
(stable-fixes CVE-2024-42236 bsc#1228964).
- Update
patches.suse/usb-xhci-prevent-potential-failure-in-handle_tx_even.patch
(stable-fixes CVE-2024-42226 bsc#1228709).
- Update
patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
(git-fixes CVE-2024-42114 bsc#1228564).
- Update
patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch
(stable-fixes CVE-2024-41072 bsc#1228626).
- Update
patches.suse/wifi-mac80211-Avoid-address-calculations-via-out-of-.patch
(stable-fixes CVE-2024-41071 bsc#1228625).
- Update
patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
(stable-fixes CVE-2024-42225 bsc#1228710).
- Update
patches.suse/wifi-rtw89-fw-scan-offload-prohibit-all-6-GHz-channe.patch
(bsc#1227149 CVE-2024-42125 bsc#1228674).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit dfa8582
- Bluetooth: hci_sync: avoid dup filtering when passive scanning
with adv monitor (git-fixes).
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
(git-fixes).
- kcov: properly check for softirq context (git-fixes).
- commit fc99a65
- wireguard: allowedips: avoid unaligned 64-bit memory accesses
(CVE-2024-42247 bsc#1228988).
- commit 12abe6d
- selftests/bpf: Add netlink helper library (bsc#1228021
CVE-2024-41010).
- Fix BPF selftest build failure
- commit c3e9de4
- x86/numa: Fix the sort compare func used in numa_fill_memblks()
(git-fixes).
- x86/numa: Fix the address overlap check in numa_fill_memblks()
(git-fixes).
- commit b42baa2
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 87d015b
- x86/numa: Fix SRAT lookup of CFMWS ranges with
numa_fill_memblks() (git-fixes).
- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
(git-fixes).
- x86/numa: Introduce numa_fill_memblks() (git-fixes).
- commit 7f40727
- ACPI: processor_idle: use raw_safe_halt() in
acpi_idle_play_dead() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
HIP08/09 (git-fixes).
- commit 23f94eb
- Update
patches.suse/crypto-hisilicon-debugfs-Fix-debugfs-uninit-process-.patch
(bsc#1228764 CVE-2024-42147).
- commit 9b42aa7
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
(bsc#1228446 CVE-2024-42095).
- commit 6d3406b
- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
CVE-2024-42095).
- commit a3bd324
- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).
- commit c3ed1a0
- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
CVE-2024-41068).
- commit a8db9f2
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 15eff3e
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (git-fixes).
- commit 592adb3
- selftests/bpf: Test pinning bpf timer to a core (bsc#1228531
CVE-2024-41045).
- Refresh patches.suse/selftests-bpf-Test-racing-between-bpf_timer_cancel_a.patch
- commit 1026c30
- bpf: Add ability to pin bpf timer to calling CPU (bsc#1228531
CVE-2024-41045).
- commit 060adb3
- power: supply: qcom_battmgr: return EAGAIN when firmware
service is not up (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage
writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
writes (git-fixes).
- commit 5ff04d3
- selftests/bpf: Add timer lockup selftest (bsc#1228531
CVE-2024-41045).
- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
(bsc#1228531 CVE-2024-41045).
- bpf: replace bpf_timer_cancel_and_free with a generic helper
(bsc#1228531 CVE-2024-41045).
- bpf: replace bpf_timer_set_callback with a generic helper
(bsc#1228531 CVE-2024-41045).
- bpf: replace bpf_timer_init with a generic helper (bsc#1228531
CVE-2024-41045).
- bpf: make timer data struct more generic (bsc#1228531
CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
(bsc#1228531 CVE-2024-41045).
- commit a65dc5b
- Move upstreamed sound patches into sorted section
- commit df9598d
- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop
16-n0xxx (bsc#1227182).
- commit 645364b
- tcp: avoid too many retransmit packets (CVE-2024-41007
bsc#1227863).
- commit 8f47fe6
- mlxsw: core_linecards: Fix double memory deallocation in case
of invalid INI file (CVE-2024-42138 bsc#1228500).
- ice: Don't process extts if PTP is disabled (CVE-2024-42107
bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
(CVE-2024-42113 bsc#1228568).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
(CVE-2024-42142 bsc#1228491).
- mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4
systems (CVE-2024-42073 bsc#1228457).
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit e94d07a
- blacklist.conf: add some IRQ HANDLING ones
- commit 404c094
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 73e7677
- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)
- commit 2480247
- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)
- commit 90dba9e
- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)
- commit e10a18b
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit bae6c4b
- nvme-pci: do not directly handle subsys reset fallout
(bsc#1220066).
- commit 2082e5f
- platform/x86/intel/ifs: Initialize union ifs_status to zero
(git-fixes).
- commit b291cc1
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
CVE-2024-41000).
- commit 4cc5e60
- tipc: force a dst refcount before doing decryption (CVE-2024-40983 bsc#1227819).
- commit cee1bad
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
(CVE-2024-40995 bsc#1227830).
- commit 0580a17
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- RDMA/mana_ib: Use virtual address in dma regions for MRs
(git-fixes).
- commit 9336dc6
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 64d3ad2
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- ASoC: topology: Clean up route loading (CVE-2024-41069
bsc#1228644).
- commit 30d44d4
- md-cluster: keeping kabi compatibility for upstream commit
35a0a409fa26 (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk
(bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding
(bsc#1223395).
- commit dac906f
- tools/perf: Fix timing issue with parallel threads in perf
bench wake-up-parallel (bsc#1227747).
- tools/perf: Fix perf bench epoll to enable the run when some
CPU's are offline (bsc#1227747).
- tools/perf: Fix perf bench futex to enable the run when some
CPU's are offline (bsc#1227747).
- commit 7bc1e4f
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- commit f36d7ca
- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry
with MSR_EE (bsc#1215199).
- commit 6051d0b
- blacklist.conf: KVM PPC APIv2 enablement not included.
- commit b36c39a
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 6f4e943
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit 3abdbd5
- apparmor: unpack transition table if dfa is not present
(bsc#1226031).
- commit 10a598f
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit c4b9763
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).
- commit 072d194
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: do not return 'reserved' for empty TSAS values
(git-fixes).
- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk
as EXT_LBA (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- commit 7935501
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)
- commit 3130571
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit 49ce7dd
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 09de886
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 9e511e1
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 75c8a8f
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit f76d2ac
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 3200c5d
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 1c3f5bc
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit bae3b01
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 53b999f
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit 1a6c9cf
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit ecbc61e
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit 9a0a984
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit e923a91
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit e73316e
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit ee50dd0
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 6b71029
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 673df57
- xfs: convert comma to semicolon (git-fixes).
- commit 8f18daf
- hfs: fix to initialize fields of hfs_inode_info after
hfs_alloc_inode() (git-fixes).
- commit 1aa4511
- kABI workaround for sound core UMP conversion (stable-fixes).
- commit b9e008a
- ALSA: seq: ump: Explicitly reset RPN with Null RPN
(stable-fixes).
- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data
reception (stable-fixes).
- ALSA: seq: ump: Use the common RPN/bank conversion context
(stable-fixes).
- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data
reception (stable-fixes).
- commit 508da4c
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 041506f
- Drop doubly put References tags in sound patches
- commit 92b6eba
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- commit 2045d7f
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 09a87ea
- spi: microchip-core: switch to use modern name (stable-fixes).
- Refresh
patches.suse/spi-microchip-core-defer-asserting-chip-select-until.patch.
- commit 31d15b3
- spi: microchip-core: fix init function not setting the master
and motorola modes (git-fixes).
- drm/amdgpu: reset vm state machine after gpu reset(vram lost)
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- efi/libstub: Zero initialize heap allocated struct screen_info
(git-fixes).
- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).
- dev/parport: fix the array out-of-bounds risk (stable-fixes).
- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer
the error (git-fixes).
- clk: qcom: Park shared RCGs upon registration (git-fixes).
- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's
(git-fixes).
- clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during
disable (git-fixes).
- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and
ALWAYS_ON flags (git-fixes).
- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and
flags (git-fixes).
- clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during
disable (git-fixes).
- clk: qcom: camcc-sc7280: Add parent dependency to all camera
GDSCs (git-fixes).
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE
clock (git-fixes).
- clk: en7523: fix rate divider for slic and spi clocks
(git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920
(git-fixes).
- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922
(stable-fixes).
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no
error (stable-fixes).
- ata: libata-scsi: Do not overwrite valid sense data when
CK_COND=1 (stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
(stable-fixes).
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device
tables (stable-fixes).
- wifi: rtw88: usb: Fix disconnection after beacon loss
(stable-fixes).
- media: uvcvideo: Disable autosuspend for Insta360 Link
(stable-fixes).
- sbitmap: use READ_ONCE to access map->word (stable-fixes).
- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio
(stable-fixes).
- commit 5fabaee
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
(stable-fixes).
- commit ae4c81e
- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: seq: ump: Optimize conversions from SysEx to UMP
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/virtio: Fix type of dma-fence context variable (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
(git-fixes).
- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).
- i915/perf: Remove code to update PWR_CLK_STATE for gen12
(git-fixes).
- commit 581e0b5
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit f2dc01f
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/ALSA-hda-cs35l41-Possible-null-pointer-dereference-i.patch
(git-fixes CVE-2024-40964 bsc#1227818).
- Update
patches.suse/ALSA-hda-cs35l56-Fix-lifetime-of-cs_dsp-instance.patch
(git-fixes CVE-2024-39491 bsc#1227627).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-SVM-WARN-on-vNMI-NMI-window-iff-NMIs-are-outrigh.patch
(git-fixes CVE-2024-39483 bsc#1227494).
- Update
patches.suse/KVM-arm64-Fix-circular-locking-dependency.patch
(bsc#1222463 (CVE-2024-26691) CVE-2024-26691).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/RDMA-rxe-Fix-responder-length-checking-for-UD-reques.patch
(git-fixes CVE-2024-40992 bsc#1227826).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/ax25-Fix-refcount-imbalance-on-inbound-connections.patch
(git-fixes CVE-2024-40910 bsc#1227832).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/btrfs-zoned-allocate-dummy-checksums-for-zoned-NODAT.patch
(bsc#1223731 CVE-2024-26944 CVE-2024-40962 bsc#1227815).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/cpufreq-amd-pstate-fix-memory-leak-on-CPU-EPP-exit.patch
(stable-fixes CVE-2024-40997 bsc#1227853).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/crypto-qat-Fix-ADF_DEV_RESET_SYNC-memory-leak.patch
(git-fixes CVE-2024-39493 bsc#1227620).
- Update
patches.suse/cxl-region-Fix-memregion-leaks-in-devm_cxl_add_regio.patch
(git-fixes CVE-2024-40936 bsc#1227833).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update patches.suse/drm-drm_file-Fix-pid-refcounting-race.patch
(git-fixes CVE-2024-39486 bsc#1227492).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-nouveau-don-t-attempt-to-schedule-hpd_work-on-he.patch
(git-fixes CVE-2024-40926 bsc#1227791).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/drm-shmem-helper-Fix-BUG_ON-on-mmap-PROT_WRITE-MAP_P.patch
(git-fixes CVE-2024-39497 bsc#1227722).
- Update
patches.suse/io_uring-io-wq-Use-set_bit-and-test_bit-at-worker-fl.patch
(git-fixes CVE-2024-39508 bsc#1227732).
- Update
patches.suse/io_uring-rsrc-don-t-lock-while-TASK_RUNNING.patch
(git-fixes CVE-2024-40922 bsc#1227785).
- Update
patches.suse/io_uring-sqpoll-work-around-a-potential-audit-memory.patch
(git-fixes CVE-2024-41001 bsc#1227869).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/mmc-davinci-Don-t-strip-remove-function-when-driver-.patch
(git-fixes CVE-2024-39484 bsc#1227493).
- Update
patches.suse/nfs-Handle-error-of-rpc_proc_register-in-nfs_net_ini.patch
(git-fixes CVE-2024-36939 bsc#1225838).
- Update
patches.suse/ocfs2-fix-races-between-hole-punching-and-AIO-DIO.patch
(git-fixes CVE-2024-40943 bsc#1227849).
- Update
patches.suse/serial-imx-Introduce-timeout-when-waiting-on-transmi.patch
(stable-fixes CVE-2024-40967 bsc#1227891).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/ssb-Fix-potential-NULL-pointer-dereference-in-ssb_de.patch
(stable-fixes CVE-2024-40982 bsc#1227865).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-ath11k-rely-on-mac80211-debugfs-handling-for-vi.patch
(bsc#1227149 CVE-2024-26637 bsc#1221652).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-cfg80211-detect-stuck-ECSA-element-in-probe-res.patch
(bsc#1227149 CVE-2024-26683 bsc#1222434).
- Update
patches.suse/wifi-cfg80211-validate-HE-operation-element-parsing.patch
(bsc#1227149 CVE-2024-40930 bsc#1228236).
- Update patches.suse/wifi-iwlwifi-Use-request_module_nowait.patch
(bsc#1227149 CVE-2024-36970 bsc#1226127).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-iwlwifi-mvm-pick-the-version-of-SESSION_PROTECT.patch
(bsc#1227149 CVE-2024-35913 bsc#1224485).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-improve-CSA-ECSA-connection-refusal.patch
(bsc#1227149 CVE-2024-26682 bsc#1222433).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/wifi-mt76-connac-check-for-null-before-dereferencing.patch
(bsc#1227149 CVE-2024-38609 bsc#1226751).
- Update
patches.suse/wifi-mt76-mt7921s-fix-potential-hung-tasks-during-ch.patch
(stable-fixes CVE-2024-40977 bsc#1227950).
- Update
patches.suse/wifi-mt76-mt7925e-fix-use-after-free-in-free_irq.patch
(bsc#1227149 CVE-2024-27049 bsc#1223763).
- Update
patches.suse/wifi-mt76-mt7996-fix-potential-memory-leakage-when-r.patch
(bsc#1227149 CVE-2024-38563 bsc#1226743).
- Update
patches.suse/x86-kexec-Fix-bug-with-call-depth-tracking.patch
(git-fixes CVE-2024-40944 bsc#1227883).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 2cd72fd
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(bsc#1012628 CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/btrfs-zoned-fix-lock-ordering-in-btrfs_zone_activate.patch
(bsc#1223731 CVE-2024-26944 CVE-2023-52668 bsc#1224690).
- Update
patches.suse/wifi-ath12k-fix-the-error-handler-of-rfkill-config.patch
(bsc#1227149 CVE-2023-52688 bsc#1224631).
- commit 0637df8
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit a8638c5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit 5c85064
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 48e8710
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 1a6942b
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit f6c7d72
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- commit e6f41be
- net: wwan: iosm: Fix tainted pointer delete is case of region
creation fail (CVE-2024-40939 bsc#1227799).
- commit 0b93a9f
- nsh: Restore skb->{protocol,data,mac_header} for outer header
in nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit 6740d82
- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
and related io_uring fix.
- commit ead5c32
- net: core: reject skb_copy(_expand) for fraglist GSO skbs
(CVE-2024-36929 bsc#1225814).
- commit e49ed10
- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit fe05fa4
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8707a09
- Drop MD patches that caused dependency cycles
Also the patch was placed in a wrong directory.
Deleted:
patches.kabi/0002-md-cluster-fix-no-recovery-job-when-adding-re-adding.patch
patches.suse/0001-md-cluster-fix-hanging-issue-while-a-new-disk-adding.patch
- commit f696a5b
- net: phy: micrel: Fix the KSZ9131 MDI-X status issue
(git-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- Bluetooth: btintel: Fail setup on error (git-fixes).
- wifi: ath12k: fix soft lockup on suspend (git-fixes).
- wifi: cfg80211: fix reporting failed MLO links status with
cfg80211_connect_done (git-fixes).
- wifi: mac80211: use monitor sdata with driver only if desired
(git-fixes).
- net: phy: realtek: add support for RTL8366S Gigabit PHY
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit f33a0c2
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit 960e23f
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 22c79c5
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit 3c83768
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 5cd5767
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit d598dd5
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 8e9651c
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit 2510511
- net: ks8851: Fix deadlock with the SPI chip variant (CVE-2024-41036 bsc#1228496)
- commit 3cf617f
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit dea6a81
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit 7880179
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit b832793
- NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076 bsc#1228649)
- commit c2db2a8
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 61cd0c5
- Update patch reference for ASoC fix (CVE-2024-41069 bsc#1228644)
- commit bc5c8af
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(stable-fixes bsc#1228665 CVE-2024-42105).
- commit c8d5b4d
- Update patches.suse/hfsplus-fix-uninit-value-in-copy_name.patch
(git-fixes bsc#1228561 CVE-2024-41059).
- commit f1238d0
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit a80ddf3
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit ab277a6
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- commit ec6fa65
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit d441a76
- Update patch reference of dmaengine fix (CVE-2024-40956 bsc#1227810)
- commit d7e764c
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit de8901b
- mm: vmalloc: check if a hash-index is in cpu_possible_mask (CVE-2024-41032 bsc#1228460)
- commit 9b04845
- seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (CVE-2024-40957 bsc#1227811)
- commit a8ab7dd
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit 74b98cc
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 5ea4aa9
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit 3ac6386
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 89912c7
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 3a174d1
- Update config files.
Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)
- commit 9287d7f
- selftests/bpf: Extend tcx tests to cover late tcx_entry release
(bsc#1228021 CVE-2024-41010).
- bpf: Fix too early release of tcx_entry (bsc#1228021
CVE-2024-41010).
- commit 57180df
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit cd82cf6
- md-cluster: fix no recovery job when adding/re-adding a disk
(bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding
(bsc#1223395).
- commit d3c6e61
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit dfba20e
- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
- commit 095be15
- blacklist.conf: kABI
- commit 1dd3f93
- blacklist.conf: spelling fix in comment
- commit de0ca0a
- blacklist.conf: cleanup, no code change
- commit 19384b6
- blacklist.conf: pure cleanup
- commit 21ff021
- blacklist.conf: pure cleanup
- commit fef6015
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- crmsh
-
- Update to version 4.6.0+20241012.24810ae:
* Fix: cibconfig: Disable auto add advise values for operations (bsc#1231386)
* Dev: report: make error messages easier to parse for hawk2 (bsc#1228899)
* Fix: report: find_shell should accept hacluster user (bsc#1228899)
* Dev: report: add a reminder to use `crm cluster health` (bsc#1228899)
* Dev: ui_cluster: add a reminder to use "crm cluster init/join ssh" to initialize ssh (bsc#1228899)
* Dev: scripts: add a reminder to use `crm cluster health` to fix hacluster passwordless ssh authentication (bsc#1228899)
* Dev: scripts: generate readable messages when ssh authentication fails (bsc#1228899)
* Fix: report: should not try interactive authentication when stdin is not a tty (bsc#1228899)
* Dev: main: remove upgradeutil (bsc#1228899)
* Fix: bootstrap: check is_nologin more robustly (bsc#1228251)
* Fix: utils: Stop providing the detailed and precise sudoer rules to "hack" the privilege (bsc#1229093)
- Update to version 4.6.0+20240903.4abc54a:
* Fix: Add a new option 'has_fa_advised_op' (bsc#1228858)
* Fix: utils: group check failure when os.getgroups() returns empty (bsc#1229030)
* Fix: report: When 'core.no_ssh' set to 'yes', crm report works in local mode (bsc#1228899)
* Fix: completers: deferring calls to crm_mon until envsetup() is called (bsc#1228271)
* Fix: utils: allow haclient group to use cluster level commands (bsc#1228271)
* Fix: scripts: call commands as current user when running as hacluster (bsc#1228271)
* Fix: prun: allow pcopy_to_remote to use intercept (bsc#1228271)
* Fix: upgradeutil: Immdiately return if config.core.no_ssh is set (bsc#1228899)
* Fix: ui_cluster: Handle 'crm cluster start --all' command (bsc#1228899)
* Fix: ui_cluster: Handle 'crm cluster stop --all' command (bsc#1228899)
* Fix: utils: Define utils.NoSSHError exception and ssh wrapper function (bsc#1228899)
* Fix: config: Add 'core.no_ssh' option (bsc#1228899)
* Dev: sh: Ensure CommandFailure Exception is Picklable Across Processes (bsc#1229686)
* Fix: report: Error output of crm_verify should be recorded in report result (bsc#1229686)
* Fix: Don't add time units to values for existing CIB (bsc#1228817)
* Fix: bootstrap: drop environ SSH_AUTH_SOCK before checking passwordless ssh when it is not enabled (bsc#1228950)
* Fix: bootstrap: should check if sudo is available when running `cluster join -c` with a non-root destination user (bsc#1228950)
* Fix: bootstrap: should check if sudo is available when running `cluster init -N` with a non-root destination user (bsc#1228950)
* Revert "Dev: ui_configure: Deprecate configure erase sub-command" (bsc#1228713)
* Fix: hahealth.py script (bsc#1228271)
- cryptsetup
-
- cryptsetup-fips140-3.patch: extend the password for PBKDF2 benchmarking
to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)
- samba
-
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
(bso#15699); (bsc#1229684).
- Update to 4.19.8
* Invalid client warning about command line passwords;
(bso#15671);
* Version string is truncated in manpages; (bso#15672);
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673);
* cmdline_burn does not always burn secrets; (bso#15674);
* Samba doesn't parse SDDL found in defaultSecurityDescriptor
in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685);
* We have added new options --vendor-name and --vendor-patch-
revision arguments to ./configure to allow distributions and
packagers to put their name in the Samba version string so that
when debugging Samba the source of the binary is obvious;
(bso#15654);
* When claims enabled with heimdal kerberos, unable to log on to a
Windows computer when user account need to change their own
password; (bso#15655);
* Fix clock skew error message and memory cache clock skew
recovery; (bso#15676);
* CTDB RADOS mutex helper misses namespace support; (bso#15665);
* The images don't build after the git security release and
CentOS 8 Stream is EOL; (bso#15660);
* Fix unnecessary delays in CTDB while processing requests under
high load; (bso#15678);
* Dynamic DNS updates with the internal DNS are not working;
(bso#13019);
* s4:nbt_server: does not provide unexpected handling, so winbindd
can't use nmb requests instead cldap; (bso#15620);
* Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664);
* "client use kerberos" and --use-kerberos is ignored for the machine
account; (bso#15666);
* Regression DFS not working with widelinks = true; (bso#15435);
* ntlm_auth make logs more consistent with length check; (bso#15677);
- Fix a crash when joining offline and 'kerberos method' includes
keytab; (bsc#1228732);
- Fix reading the password from STDIN or environment vars if it
was already given in the command line; (bsc#1228732);
- Update to 4.19.7
* ldb qsort might r/w out of bounds with an intransitive
compare function (ldb 2.8.1 is already released);
(bso#15569).
* Many qsort() comparison functions are non-transitive, which
can lead to out-of-bounds access in some circumstances (ldb
2.8.1 is already released); (bso#15625).
* Need to change gitlab-ci.yml tags in all branches to avoid CI
bill; (bso#15638).
* netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0; (bso#14981).
* Anonymous smb3 signing/encryption should be allowed (similar
to Windows Server 2022); (bso#15412).
* Panic in dreplsrv_op_pull_source_apply_changes_trigger;
(bso#15573).
* winbindd, net ads join and other things don't work on an ipv6
only host; (bso#15642).
* Smbcacls incorrectly propagates inheritance with Inherit-Only
flag; (bso#15636).
* http library doesn't support 'chunked transfer encoding';
(bso#15611).
- Update to 4.19.6
* fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close(); (bso#15527).
* samba-gpupdate: Correctly implement site support;
(bso#15588).
* libgpo: Segfault in python bindings; (bso#15599).
* Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580).
- cups
-
- cups-branch-2.2-commit-b643d6ba92f00752aa5e74ff86ad3974334914c1.diff
is https://github.com/OpenPrinting/cups/commit/b643d6ba92f00752aa5e74ff86ad3974334914c1
which was added in CUPS 2.2.8 that
fixed a parsing bug in cups_auth_find() in cups/auth.c
which lead to cupsd failing to authenticate users
when group membership is required by cupsd configuration
like 'Require user @GROUP' which lead to CUPS related commands
requesting password from group users even if it is not needed
(bsc#1226227)
- In cups.changes replaced one place where UTF-8 characters
were used in the entry dated "Sat Sep 30 08:52:42 UTC 2017"
for what should be ' - ' by ASCII to avoid RPMLINT warning
about 'non-break-space' which "can lead to obscure errors".
- curl
-
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patch:
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- cyrus-sasl
-
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.
* Add cyrus-sasl-make-digestmd5-work-ssl3.patch
- deltarpm
-
- update to deltarpm-3.6.5
* support for archive files bigger than 2GByte [bnc#1230547]
- update to deltarpm-3.6.4
* support for threaded zstd
* use a tmp file instead of memory to hold the incore data
[bsc#1228948]
- dropped patches:
* deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch
- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
some C bugs ( incorrect sized memset() , memcpy instead of strcpy,
unsigned int)
- update to deltarpm-3.6.3
* support for threaded zstd compression
- Actually enable zstd compression
- update to deltarpm-3.6.2
* support for zstd compression
- lvm2
-
- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
+ bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- dracut
-
- Update to version 059+suse.541.g3c2df232:
* fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110)
- Update to version 059+suse.539.gdd3495f7:
* fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639)
* fix(zfcp_rules): check for presence of legacy rules (bsc#1230330)
Fixes for NVMeoF boot (bsc#1230468):
* fix(nvmf): install (only) required nvmf modules
* fix(nvmf): require NVMeoF modules
* fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly
- Update to version 059+suse.531.g48487c31:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
* fix(convertfs): error in conditional expressions (bsc#1228847)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- glibc
-
- Apply libc_nonshared.a workaround also on s390x and ppc64le (bsc#1231051)
- Use nss-systemd by default also in SLE (bsc#1230638)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228042, BZ
[#31934])
- gnutls
-
- FIPS: Do not allow curve P-192 for signature or keypair verification [bsc#1227669]
* Add gnutls-FIPS-p192-disabled.patch
- FIPS: Allow to perform the integrity check with the hmac provided
by each library [bsc#1226724]
* Rebase gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch
- FIPS: bsc#1230166
* Mark gnutls_hash_fast operations as approved in SLI.
* Add gnutls-FIPS-gnutls_hash_fast-SLI.patch
- FIPS: bsc#1226733
* Run pairwise consistency test only in FIPS mode
* Backport upstream commit 5c276953c1536375fba96bc769e1cb5d3123b4a7
* Add gnutls-pct-in-FIPS-only.patch
- FIPS: bsc#1226733
* Use full hash+sign operations, not low level primitives in PCT test.
* Add gnutls-FIPS-full-hash_sign.patch
- FIPS: bsc#1227642
* Mark SHA1 as not allowed for signature verification in both RSA and ECDSA sigVer.
* Add gnutls-FIPS-no-sha1-verify.patch
- FIPS: bsc#1227670
* Allow RSA signature verification with min of 2048 bit modulus.
* Add gnutls-FIPS-rsa-min-2048.patch
- FIPS: [bsc#1227671, bsc#1226731]
* Remove not needed DSA in selfchecks in FIPS mode.
* Add gnutls-FIPS-no_dsa_selftest.patch
- grub2
-
- Fix OOM error in loading loopback file (bsc#1230840)
* 0001-tpm-Skip-loopback-image-measurement.patch
- Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263)
* 0001-efinet-Skip-virtual-VLAN-devices-during-card-enumera.patch
- Fix grub screen is filled with artifects from earlier post menu (bsc#1224465)
* grub2-SUSE-Add-the-t-hotkey.patch
* 0001-fix-grub-screen-filled-with-post-screen-artifects.patch
- Fix crash in bli module (bsc#1226497)
* 0001-bli-Fix-crash-in-get_part_uuid.patch
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- hawk2
-
- Update to version 2.6.5+git.1727339846.0abbc129:
* Fix: hb_report: indicate the 'crm report' failure (bsc#1230674)
* Dev: wizards: don't use root password (bsc#1230672)
- Update to version 2.6.5+git.1725719218.8945dc86:
* Fix: decode the resource type from URI
* Fix: use ocf:heartbeat:Dummy instead of ocf:heartbeat:anything
* relax-test-cluster-conf.patch . To make compatible with sle15.2
- Update to version 2.6.5+git.1724746409.a23057e1:
* Add docstring to functions in hawk_test
* Dev: bump js-routes version
* Update copyright 2018 --> 2024
* Dev: rename 'Score' to 'Kind'
* Fix: cibtools: adjust to the new cibadmin format (bsc#1219831)
* Test: extend the test_check_cluster_configuration
* Update the drop-down boxes in the Cluster Configuration
* Increase the test delays back, as they were before
* Add test_check_cluster_configuration for 15aee3b2
* Use crm_attribute --list-options (ped#8016)
* Check rsc stonith is in maintenance by either of 2 keywords
* Update sanity check for passwd existance
* Update validation for the newer versions of rails
- icewm-theme-branding
-
- Add fix-web-browser-icon.patch:
The Adwaita theme does not provide much legacy apps icon now,
redirect icewm web-browser icon to the right place. See:
https://gitlab.gnome.org/GNOME/adwaita-icon-theme/-/issues/163
https://gitlab.gnome.org/GNOME/adwaita-icon-theme/-/merge_requests/34/
(bsc#1220034, bsc#1222655)
- resource-agents
-
- resource-agents:azure-events-az retry handling (bsc#1226140)
Add upstream patch:
0001-azure-events-az-update-to-API-versions-add-retry-fun.patch
- libqt5-qtbase
-
- Add rebased upstream patch to delay any HTTP2 communication until
encrypted() can be responded to (bsc#1227426, CVE-2024-39936):
* 0001-HTTP2-Delay-any-communication-until-encrypted-can-be.patch
- Add upstream patch to fix a NULL pointer dereference via the
function QXcbConnection::initializeAllAtoms() when there is
anomalous behavior from the X server (bsc#1222120,
CVE-2023-45935):
* 0001-xcb-guard-a-pointer-before-usage.patch
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- ldb
-
- Update to 2.8.1
* Many qsort() comparison functions are non-transitive, which
can lead to out-of-bounds access in some circumstances;
(bso#15625).
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- nfs-utils
-
- Include source for libnfsidmap 0.26 and build that.
This is needed for compatability with SLE15-SP5 and earlier
(bsc#1228159)
Copied from old nfsidmap package:
libnfsidmap-0.26.tar.bz2
idmap-fix-prototype.patch
idmap-libnfsidmap-export-symbols.patch
idmap-0001-libnfsidmap-add-options-to-aid-id-mapping-in-multi-d.patch
idmap-0002-nss_gss_princ_to_ids-and-nss_gss_princ_to_grouplist-.patch
idmap-0001-Removed-some-unused-and-set-but-not-used-warnings.patch
idmap-0002-Handle-NULL-names-better.patch
idmap-0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
idmap-0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
idmap-0005-nss.c-wrong-check-of-return-value.patch
idmap-0006-Fixed-a-memory-leak-nss_name_to_gid.patch
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- FIPS: AES GCM external IV implementation [bsc#1228618]
* Mark the standalone AES-GCM encryption with external IV
as non-approved in the SLI.
* Add openssl-1_1-ossl-sli-021-AES-GCM-external-IV.patch
- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits
as approved in the SLI. [bsc#1228623]
* openssl-1_1-ossl-sli-020-PBKDF2-HMAC-size-SLI.patch
- FIPS: Enforce KDF in FIPS style [bsc#1224270]
* Add openssl-1_1-ossl-sli-019-Enforce-KDF.patch
- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI [bsc#1228619]
* Add openssl-1_1-ossl-sli-018-TLS13-HKDF.patch
- FIPS: The X9.31 scheme is not approved for RSA signature
operations in FIPS 186-5. [bsc#1224269]
* Add openssl-1_1-ossl-sli-017-X9.31-sign.patch
- FIPS: Differentiate the PSS length requirements [bsc#1224275]
* Add openssl-1_1-ossl-sli-016-PSS-length.patch
- FIPS: Mark sigGen and sigVer primitives as non-approved [bsc#1224272]
* Add openssl-1_1-ossl-sli-015-sigver-hashing.patch
- FIPS: Disable PKCSv1.5 and shake in FIPS mode [bsc#1224271]
* FIPS 186-5 Section 5.4 disallows RSA PKCSv1.5 signature
operations with XOF.
* Add openssl-1_1-ossl-sli-014-PKCSv1.5-and-shake.patch
- FIPS: Mark SHA1 as non-approved in the SLI [bsc#1224266]
* Add openssl-1_1-ossl-sli-013-Mark-SHA1-unapproved.patch
- FIPS: DH FIPS selftest and safe prime group [bsc#1224264]
* Add openssl-1_1-ossl-sli-012-DH-selftest-and-safe-prime-group.patch
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- FIPS: Remove not needed FIPS DRBG files [bsc#1224268]
- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1224265]
* Add PCT in function crypto/dh/dh_key.c:generate_key() to meet
assurance 5.6.2.1.4 of SP 800-56Arev3.
* Add openssl-fips-DH-Pair-wise-Consistency.patch
- FIPS: Disallow non-approved KDF types [bsc#1224267]
* Add openssl-1_1-ossl-sli-011-SSHKDF.patch
- FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 [bsc#1224273]
* Add openssl-1_1-ossl-sli-009-RSA-sigver.patch
* Add openssl-1_1-ossl-sli-010-ECDSA-sigver-keyver.patch
- FIPS: DRBG component chaining [bsc#1224258]
* Add prediction resistance and oversampling of the noise source.
* Allow setting the FIPS error state if jitterentropy fails the
health-tests.
* Add patches:
- openssl-1_1-FIPS-140-3-DRBG-prediction-resistance.patch
- openssl-1_1-FIPS-140-3-DRBG-oversampling.patch
- openssl-1_1-jitterentropy-error-state.patch
- FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size [bsc#1224260]
* Add openssl-1_1-FIPS-CRNGT_BUFSIZ.patch
- FIPS: Fix build warnings.
* Rebase patches:
- openssl-1.1.1-fips.patch
- openssl-fips_selftest_upstream_drbg.patch
- Fixed C99 violations in patches bsc1185319-FIPS-KAT-for-ECDSA.patch
(need to for explicity typecast) and
openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
(missing include) to allow the package to build with GCC 14.
[boo#1225907]
- openssl-3
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Security fix: [bsc#1230698, CVE-2024-41996]
* Validating the order of the public keys in the Diffie-Hellman
Key Agreement Protocol, when an approved safe prime is used.
* Added openssl-3-CVE-2024-41996.patch
- Security fix: [bsc#1229465, CVE-2024-6119]
* possible denial of service in X.509 name checks
* openssl-CVE-2024-6119.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- python311
-
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Update to 3.11.10:
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121957: Fixed missing audit events around interactive
use of Python, now also properly firing for ``python -i``,
as well as for ``python -m asyncio``. The event in question
is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where
``AF_UNIX`` is not available like Windows. Patch by
Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing
for ``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts
* mode* of ``0o700`` to restrict the new directory to
the current user. This fixes CVE-2024-4030 affecting
:func:`tempfile.mkdtemp` in scenarios where the base
temporary directory is more permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in :class:`zipfile.Path` causing infinite loops
(gh-122905) without breaking contents using legitimate
characters (bsc#1229704, CVE-2024-8088).
- gh-123067: Fix quadratic complexity in parsing ``"``-quoted
cookie values with backslashes by :mod:`http.cookies`
(bsc#1229596, CVE-2024-7592).
- gh-122905: :class:`zipfile.Path` objects now sanitize names
from the zipfile.
- gh-121650: :mod:`email` headers with embedded newlines are
now quoted on output. The :mod:`~email.generator` will now
refuse to serialize (write) headers that are unsafely folded
or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
(Contributed by Bas Bloemsaat and Petr Viktorin in
:gh:`121650`; CVE-2024-6923, bsc#1228780).
- gh-119506: Fix :meth:`!io.TextIOWrapper.write` method
breaks internal buffer when the method is called again
during flushing internal buffer.
- gh-118643: Fix an AttributeError in the :mod:`email` module
when re-fold a long address list. Also fix more cases of
incorrect encoding of the address separator in the address
list.
- gh-113171: Fixed various false positives and false
negatives in * :attr:`ipaddress.IPv4Address.is_private`
(see these docs for details) *
:attr:`ipaddress.IPv4Address.is_global` *
:attr:`ipaddress.IPv6Address.is_private` *
:attr:`ipaddress.IPv6Address.is_global` Also in the
corresponding :class:`ipaddress.IPv4Network` and
:class:`ipaddress.IPv6Network` attributes.
Fixes bsc#1226448 (CVE-2024-4032).
- gh-102988: :func:`email.utils.getaddresses` and
:func:`email.utils.parseaddr` now return ``('', '')``
2-tuples in more situations where invalid email addresses
are encountered instead of potentially inaccurate
values. Add optional *strict* parameter to these two
functions: use ``strict=False`` to get the old behavior,
accept malformed inputs. ``getattr(email.utils,
'supports_strict_parsing', False)`` can be use to check if
the *strict* paramater is available. Patch by Thomas Dwyer
and Victor Stinner to improve the CVE-2023-27043 fix
(bsc#1210638).
- gh-67693: Fix :func:`urllib.parse.urlunparse` and
:func:`urllib.parse.urlunsplit` for URIs with path starting
with multiple slashes and no authority. Based on patch by
Ashwin Ramaswami.
- Core and Builtins
- gh-112275: A deadlock involving ``pystate.c``'s
``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
fixed. Patch by ChuBoning based on previous Python 3.12 fix
by Victor Stinner.
- gh-109120: Added handle of incorrect star expressions, e.g
``f(3, *)``. Patch by Grigoryev Semyon
- Removed upstreamed patches:
- CVE-2023-27043-email-parsing-errors.patch
- CVE-2024-4032-private-IP-addrs.patch
- CVE-2024-6923-email-hdr-inject.patch
- CVE-2024-8088-inf-loop-zipfile_Path.patch
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
failing test_sendfile_close_peer_in_the_middle_of_receiving
tests on Linux >= 6.10 (GH-120227).
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
malformed payload to cause infinite loops in zipfile.Path
(bsc#1229704, CVE-2024-8088).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- Update F00251-change-user-install-location.patch to make pip and
modern tools install directly in /usr/local when used by the user.
bsc#1225660
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
- Update CVE-2023-52425-libexpat-2.6.0-backport.patch
so that it uses features sniffing, not just
comparing version number. Include also
support-expat-CVE-2022-25236-patched.patch.
- Add CVE-2023-52425-remove-reparse_deferral-tests.patch skipping
failing tests.
- Refresh patches:
- CVE-2023-27043-email-parsing-errors.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- Remove included patch:
- support-expat-CVE-2022-25236-patched.patch
- python3
-
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- ruby2.5
-
- backport REXML from 3.3
- fix denial of service when parsing a XML that has many deep
elements with the same local name attributes
(boo#1229673 CVE-2024-43398)
- fix denial of service when parsing an XML that contains many
specific characters such as whitespaces, >] and ]>
(boo#1228794 CVE-2024-41123)
- fix denial of service when parsing an XML that has many entity
expansions with SAX2 or pull parser API
(boo#1228799 CVE-2024-41946)
- fix denial of service when parsing an XML that has many left
angled brackets in an attribute value
(boo#1224390 CVE-2024-35176)
- fix ReDoS when parsing an XML that has many specific characters
(boo#1228072 CVE-2024-39908)
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- systemd
-
- Import commit 44943af96be1422c2d7bdf271e4a77b42f4b41ec (merge of v254.18)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/51fd0b7b9d11bb932370f4bcc3e849f8c0b3bc06...44943af96be1422c2d7bdf271e4a77b42f4b41ec
- Add 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch (bsc#1229518)
- Import commit 51fd0b7b9d11bb932370f4bcc3e849f8c0b3bc06
0512d0d1fc cgroup: Rename effective limits internal table (jsc#PED-5659)
765846b70b cgroup: Restrict effective limits with global resource provision (jsc#PED-5659)
e29909088b test: Add effective cgroup limits testing (jsc#PED-5659)
beacac6df0 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659)
e3b789e512 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659)
5aa063ae16 bus-print-properties: prettify more unset properties
a53122c9bd bus-print-properties: ignore CGROUP_LIMIT_MAX for Memory*{Current, Peak}
8418791441 cgroup: rename TasksMax structure to CGroupTasksMax
- Drop 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
5005-bus-print-properties-prettify-more-unset-properties.patch
5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
5008-test-Add-effective-cgroup-limits-testing.patch
5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
5010-cgroup-Rename-effective-limits-internal-table.patch
These patches have been merged in the SUSE/254 branch.
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
- Make the 32bit version of libudev.so available again (bsc#1228223)
The symlink for building 32bit applications was mistakenly dropped when the
content of libudev-devel was merged into systemd-devel.
Provide the 32bit flavor of systemd-devel again, which should restore the plug
and play support in Wine for 32bit windows applications.
- Import commit cbad4b6dbbec36616c04f2d26e2e568936c789ab (merge of v254.17)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/2ef89364315e1ca71606768f1bb4d63aaee66209...cbad4b6dbbec36616c04f2d26e2e568936c789ab
- Import commit 2ef89364315e1ca71606768f1bb4d63aaee66209 (merge of v254.16)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/957aeb6452837326866e1f89092e6d0e0665fc10...2ef89364315e1ca71606768f1bb4d63aaee66209
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- tiff
-
- security update:
* CVE-2024-7006 [bsc#1228924]
Fix pointer deref in tif_dirinfo.c
+ tiff-CVE-2024-7006.patch
- libzypp
-
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- makedumpfile
-
- don't reserve disk space for flattened format (bsc#1226183)
* Add make-reserve_diskspace-do-nothing-for-flattened-form.patch
- opensc
-
- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
* opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
* opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
* opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
* opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
* opensc: Incorrect handling length of buffers or files in libopensc
* opensc: Incorrect handling of the length of buffers or files in pkcs15init
* Added patches:
- opensc-CVE-2024-45615.patch
- opensc-CVE-2024-45616.patch
- opensc-CVE-2024-45617.patch
- opensc-CVE-2024-45618.patch
- opensc-CVE-2024-45619.patch
- opensc-CVE-2024-45620.patch
- Security fix: [CVE-2024-8443, bsc#1230364]
* opensc: heap buffer overflow in OpenPGP driver when generating key
* Added patch: opensc-CVE-2024-8443.patch
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#176
- handle missing grub_installdevice on powerpc (bsc#1230070)
- 1.8.2
- permissions
-
- Update to version 20240826:
* permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
* cockpit: revert path change (bsc#1229329)
- python-azure-agent
-
- Restart the agent (bsc#1227600)
+ The agent service gets restarted in post but may fail due to a missing
config file. config files were split into their own package previously.
When we detect that we have to restore a config file we also need
to restart the agent again.
- python-dnspython
-
- Fix CVE-2023-29483-pre1.patch
(bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
- python-psutil
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- salt
-
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- python-Twisted
-
- Add a couple of upstream patches to fix http process information
disclosure (CVE-2024-41671, bsc#1228549) and XSS via html injection
(CVE-2024-41810, bsc#1228552):
* CVE-2024-41671.patch gh#twisted/twisted@4a930de12fb6
* CVE-2024-41810.patch gh#twisted/twisted@046a164f89a0
- python-aiohttp
-
- Add patch CVE-2024-42367-path-traversal-via-symlink.patch:
* Do not follow symlinks for compressed file variants.
(CVE-2024-42367, bsc#1229226)
- python-azure-identity
-
- Cherry-pick upstream patch to fix managed identity vulnerability
+ CVE-2024-35255.patch (bsc#1230100, CVE-2024-35255)
- protobuf
-
- Build the java part with maven, so that we create artifacts
that correspond to upstream distributed ones.
- Add maven artifact metadata to the protoc binary
- Package also the bom and pom artifacts
- Add patch to fix StackOverflow vulnerability in Protocol Buffers
* CVE-2024-7254.patch (bsc#1230778, CVE-2024-7254)
- python-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- regionServiceClientConfigAzure
-
- Update to version 2.2.0 (jsc#PCT-360)
+ Add IPv6 certs to enable IPv6 access of the update infrastructure
+ Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
in the Public Cloud
- Update to version 2.1.0 (bsc#1217537)
+ Replace certs 23.100.36.229.pem and 40.121.202.140.pem (4096 length):
rgnsrv-azure-westus -> 23.100.36.229.pem expires 9 years
rgnsrv-azure-eastus -> 40.121.202.140.pem expires 10 years
- release-notes-sles-for-sap
-
- 15.6.20240805 (tracked in bsc#933411)
- Split What Is New into sections (bsc#1222555)
- Added note about HA SAP Convergent Mediation (jsc#PED-7207)
- rsyslog
-
- restart daemon after update at the end of the transaction
(bsc#1230984)
- Upgrade to rsyslog 8.2406.0
-patches replaced by upgrade (see details in upgrade logs below)
0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
* 2023-11-29: Revert "Update omlibdbi.c"
* 2023-11-21: imkmsg: add params "readMode" and "expectedBootCompleteSeconds"
* 2023-11-10: testbench: fix "typo" in test case
* 2023-11-08: omazureeventhubs: Corrected handling of transport closed failures
* 2023-10-31: imkmsg: add module param parseKernelTimestamp
* 2023-11-03: imfile: remove state file on file delete fix
* 2023-10-30: imklog bugfix: keepKernelTimestamp=off config param did not work
* 2023-10-30: Netstreamdriver: deallocate certificate related resources
* 2023-10-20: TLS subsystem: add remote hostname to error reporting
* 2023-10-21: Fix forking issue do to close_range call
* 2023-10-23: replace debian sample systemd service file by readme
* 2023-10-20: testbench: bump zookeeper version to match current offering
* 2023-10-20: Update rsyslog.service sample unit to the latest version used in Debian Trixie
* 2023-10-20: Only keep a single rsyslog.service for Debian
* 2023-10-20: Remove no longer used --with-systemdsystemunitdir configure switch
* 2023-10-18: use logind instead of utmp for wall messages with systemd
* 2023-10-11: Typo fixes
* 2023-10-11: Drop CAP_IPC_LOCK capability
* 2023-10-04: Add CAP_NET_RAW capability due to the omudpspoof module
* 2023-10-03: Add new global config option "libcapng.enable"
* 2023-10-02: tcp net subsystem: handle data race gracefully
* 2023-08-31: Avoid crash on restart in imrelp SIGTTIN handler
- replaces 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
* 2023-09-26: fix startup issue on modern systemd systems
* 2023-09-14: Fix misspeling in message.
* 2023-09-13: tcpflood bugfix: plain tcp send error not properly reported
* 2023-09-12: omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set
* 2023-08-02: testbench: cleanup and improve some more imfile tests
* 2023-08-02: lookup tables: fix static analyzer issue
* 2023-08-02: lookup tables bugfix: reload on HUP did not work when backgrounded
* 2023-07-28: CI: fix and cleaup github workflow
* 2023-03-07: imjournal: Support input module
* 2023-07-28: testbench: make test more reliable
* 2023-07-28: tcpflood: add -A option to NOT abort when sending fails
* 2023-07-28: tcpflood: fix today's programming error
* 2023-07-28: openssl: Replaced depreceated method SSLv23_method with TLS_method
* 2023-07-27: testbench improvement: define state file directories for imfile tests
* 2023-07-28: testbench: cleanup a test and some nitfixes to it
* 2023-07-27: tcpflood bugfix: TCP sending was not implemented properly
* 2023-07-26: testbench: make waiting for HUP processing more reliable
* 2023-07-25: build system: make rsyslogd execute when --disable-inet is configured
* 2023-07-25: CI: update zookeper download to newer version
* 2023-07-10: ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions
* 2023-07-11: ossl: Fix CRL File Expire from 1 day to 100 years.
* 2023-07-06: PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+
* 2022-05-13: omazureeventhubs: Initial implementation of new output module
* 2023-07-03: TLS CRL Support Issue 5081
* 2023-06-29: action.resumeintervalmax: the parameter was not respected
* 2023-06-28: IMHIREDIS::FIXED:: Restore compatiblity with hiredis < v1.0.0
* 2023-05-15: Add the 'batchsize' parameter to imhiredis
* 2023-06-28: Clear undefined behavior in libgcry.c (GH #5167)
* 2023-06-22: Do not try to drop capabilities when we don't have any
* 2023-06-22: testbench: use newer zookeeper version in tests
* 2023-06-22: build system: more precise error message on too-old lib
* 2023-05-17: Fix quoting for omprog, improg, mmexternal
- rubygem-actionmailer-5_1
-
- security update
- added patches
fix CVE-2024-47889 [bsc#1231723], Possible ReDoS vulnerability in block_format in Action Mailer
+ rubygem-actionmailer-5_1-CVE-2024-47889.patch
- rubygem-actionpack-5_1
-
- security update
- added patches
fix CVE-2024-47887 [bsc#1231729], Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
+ 0010-CVE-2024-47887.patch
fix CVE-2024-42228 [bsc#1228667], Using uninitialized value *size when calling amdgpu_vce_cs_reloc
+ 0011-CVE-2024-42228.patch
- rubygem-bundler
-
- Avoid command injection vulnerability
* CVE-2021-43809 (bnc#1193578)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- saptune
-
- update package version of saptune to 3.1.3
* remove note 1868829 from solution S4HANA-APPSERVER as it is a
HANA DB note and was added by accident
(bsc#1226093)
* for verify and simulate output table - wrap content of the
columns 'actual', 'expected' and 'override', if they exceed a
width of 30 characters (e.g. net.ipv4.ip_local_reserved_ports)
* support inline comments in /etc/sysconfig/saptune
* change handling of the performance options.
Check, if the settings are supported in the get-Functions too.
This should fix the problem with some special Azure VMs
(E20d_v5) on newer SLES SPs
(jsc#SAPSOL-110)
* SAP Note 2578899 updated to Version 48
setting kernel.pid_max to 4194304 and
start sysctl-logger service
- scap-security-guide
-
- updated to 0.1.74 (jsc#ECO-3319)
- Add Amazon Linux 2023 product (#12006)
- Introduce new remediation type Kickstart (#12144)
- Make PAM macros more flexible to variables (#12133)
- Remove Debian 10 Product (#12205)
- Remove Red Hat Enterprise Linux 7 product (#12093)
- Update CIS RHEL9 control file to v2.0.0 (#12067)
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- strace
-
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
- supportutils-plugin-ha-sap
-
- Update to version 0.0.6+git.1727164834.7af8512:
* Fix bsc#1230319 supportutils-plugin-ha-sap does not know about recent SAPHana-angi. This was partialy solved by last commit.
* switch from the deprecated scplugin.rc to supportconfig.rc adapt all function calls This was triggered by SLE16 package submission, because of missing provides to fulfill the package requirements. But this change was long overdue as scplugin.rc is deprecated in SLE15 cdestreams as well
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- ensure key2rpmname is called using bash.
- make the per-project inclusion optional, default off.
- Also include the GPG key from the current build project
to allow Staging testing without production keys. (bsc#1231829)
- tuned
-
- added uncore plugin (jsc#PED-8397)
A uncore-477.patch
A uncore-590.patch
A uncore-606.patch
- unzip
-
- Use %patch -P N instead of deprecated %patchN.
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
- wget
-
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- xen
-
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- Update to Xen 4.18.3 security bug fix release (bsc#1027519)
xen-4.18.3-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
- Dropped patches contained in new tarball
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- xfsprogs
-
- xfs_repair: allow symlinks with short remote targets (bsc#1229160)
- add xfsprogs-xfs_repair-allow-symlinks-with-short-remote-targets.patch
- yast2-bootloader
-
- Sync warning text from s390 secure boot to be identical in
installation proposal and on running system (bsc#1219989)
- 4.6.8
- yast2-country
-
- Rename Europe/Kiev to Europe/Kyiv as per 2022b release of
tz code and data by ICANN (bsc#1224387)
- 4.6.7
- yast2-firewall
-
- In case of autoinstallation keep the firewall service state in
the Installation::SecuritySettings for not conflicting with the
proposal (bsc#1216615)
- 4.6.1
- yast2-installation
-
- Don't block in AutoYaST upgrade (bsc#1181625)
- 4.6.13
- yast2-iscsi-client
-
- Fixes for bsc#1228084:
- Inst client: Read sessions just after auto login in order to
enable services at the end of the installation if needed
- Finish client: enable iscsiuio.service instead of the socket
- Use ip for reading the ip address of a given device instead of
the deprecated ifconfig command
- 4.6.3
- Don't leak passwords to the log (bsc#1225432)
- 4.6.2
- yast2-kdump
-
- Don't write empty fadump="" kernel parameter (bsc#1230359)
- 4.6.3
- yast2-registration
-
- Disable the SLE_BCI repository after registration (jsc#PED-8817)
- 4.6.3
- yast2-security
-
- Do not load the security settings from the security policy until
needed (bsc#1216615).
- 4.6.1
- yast2-storage-ng
-
- Use the newer exfatprogs instead of exfat-utils (bsc#1187854)
- 4.6.18
- yast2-users
-
- Relax check in GECOS field (bsc#1228149):
Allow any data except colons
- 4.6.6
- Backport changes to avoid namespace collisions
(gh#yast/yast-users#396)
- 4.6.5
- Branch package for SP6 (bsc#1208913)
- 4.6.4
- zypper
-
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)