- avahi
-
- Update avahi-daemon-check-dns.sh from Debian. Our previous
version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
when invoking avahi-daemon-check-dns.sh (boo#1180827
CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
- bind
-
- dnssec-keygen can no longer generate HMAC keys.
Use tsig-keygen instead.
modified genDDNSkey script to reflect this.
[vendor-files/tools/bind.genDDNSkey, bsc#1180933]
- cloud-init
-
- Update cloud-init-write-routes.patch (bsc#1180176)
+ Follow up to previous changes. Fix order of operations
error to make gateway comparison between subnet configuration and
route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335)
- Python 3.4 compatibility in setup.py
- Disable some test for mock version compatibility
- glibc
-
- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
(CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
/sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
- grub2
-
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
* 0028-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
* 0029-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
* 0030-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
* 0031-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
* 0032-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
* 0033-util-mkimage-Improve-data_size-value-calculation.patch
* 0034-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
* 0035-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
* 0036-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
* 0019-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
* 0021-kern-parser-Fix-resource-leak-if-argc-0.patch
* 0022-kern-parser-Fix-a-memory-leak.patch
* 0023-kern-parser-Introduce-process_char-helper.patch
* 0024-kern-parser-Introduce-terminate_arg-helper.patch
* 0025-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
* 0026-kern-buffer-Add-variable-sized-heap-buffer.patch
* 0027-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
* 0020-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
* 0018-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
* 0017-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
* 0001-mkimage-Clarify-file-alignment-in-efi-case.patch
* 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
* 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
* 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
* 0005-efi-Add-secure-boot-detection.patch
* 0006-kern-Add-lockdown-support.patch
* 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
* 0008-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
* 0009-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
* 0010-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
* 0011-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
* 0012-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
* 0013-commands-setpci-Restrict-setpci-command-when-locked-.patch
* 0014-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
* 0015-gdb-Restrict-GDB-access-when-locked-down.patch
* 0016-loader-xnu-Don-t-allow-loading-extension-and-package.patch
* 0037-squash-Add-secureboot-support-on-efi-chainloader.patch
* 0038-squash-grub2-efi-chainload-harder.patch
* 0039-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
* 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch
* 0041-squash-kern-Add-lockdown-support.patch
- Add SBAT metadata section to grub.efi
* grub2.spec
- kernel-default
-
- SLE15-SP1 went to LTSS, hand over to L3
- commit 547a203
- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049).
- commit 9a1258d
- kernfs: deal with kernfs_fill_super() failures (bsc#1181809).
- commit 2955da8
- Fix the inconsistent kfree() call at rawmidi (CVE-2020-27786 bsc#1179601
Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit b3ad1de
- scsi: qla2xxx: Fix description for parameter
ql2xenforce_iocb_limit (bsc#1179142).
- commit 547d89c
- Fix a bug in rawmidi UAF fix patch (bsc#1179601, CVE-2020-27786)
Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit ce80dfa
- kABI: Fix kABI for extended APIC-ID support (bsc#1181260,
jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260,
jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where
available (bsc#1181260, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE
(bsc#1181260, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit
(bsc#1181260, jsc#ECO-3191).
- x86/apic: Fix x2apic enablement without interrupt remapping
(bsc#1181260, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260,
jsc#ECO-3191).
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is
not built (bsc#1181260, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported
address widths (bsc#1181260, jsc#ECO-3191).
- commit bd17758
- nbd: freeze the queue while we're adding connections
(bsc#1181504 CVE-2021-3348).
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- commit 447797a
- Move futex fixes into the sorted section (bsc#1181349 CVE-2021-3347)
- commit c34c9df
- drm/i915: Check for all subplatform bits (git-fixes).
- can: dev: prevent potential information leak in can_fill_info()
(git-fixes).
- xhci: tegra: Delay for disabling LFPS detector (git-fixes).
- xhci: make sure TRB is fully written before giving it to the
controller (git-fixes).
- USB: ehci: fix an interrupt calltrace error (git-fixes).
- ehci: fix EHCI host controller initialization sequence
(git-fixes).
- ALSA: seq: oss: Fix missing error check in
snd_seq_oss_synth_make_info() (git-fixes).
- ALSA: hda/via: Add minimum mute flag (git-fixes).
- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner
fields (git-fixes).
- drm/nouveau/privring: ack interrupts the same way as RM
(git-fixes).
- drm/nouveau/bios: fix issue shadowing expansion ROMs
(git-fixes).
- ALSA: doc: Fix reference to mixart.rst (git-fixes).
- ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
- can: c_can: c_can_power_up(): fix error handling (git-fixes).
- commit 6556b1a
- Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347)
- commit afd051d
- Refresh patches.suse/futex-Handle-transient-ownerless-rtmutex-state-corre.patch
As of patches.suse/0001-locking-futex-Allow-low-level-atomic-operations-to-r.patch
we need to update the patch such that we set EAGAIN and avoid a warn (albeit benign).
- commit 96704b7
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
(git-fixes).
- s390/qeth: fix locking for discipline setup / removal
(git-fixes).
- s390/qeth: fix deadlock during recovery (git-fixes).
- s390/qeth: delay draining the TX buffers (git-fixes).
- commit eca39ca
- s390/cio: fix use-after-free in ccw_device_destroy_console
(git-fixes).
- commit 2bcefd5
- net/smc: fix sleep bug in smc_pnet_find_roce_resource()
(git-fixes).
- Refresh
patches.suse/net-smc-switch-smcd_dev_list-spinlock-to-mutex.
- commit b63038e
- net/smc: cancel event worker during device removal (git-fixes).
- net/smc: check for valid ib_client_data (git-fixes).
- net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
- net/smc: receive returns without data (git-fixes).
- commit 4050493
- Refresh patches.suse/4.4.136-002-powerpc-64s-Clear-PCR-on-boot.patch
Also clear PCR on POWER9 and in dt_cpu_ftrs.
- commit 6cd712e
- net/mlx5: Fix memory leak on flow table creation error flow
(bsc#1046305 FATE#322943).
- igc: fix link speed advertising (jsc#SLE-4799).
- commit 37cbcd7
- Refresh
patches.suse/0013-net-liquidio-Delete-non-working-LIQUIDIO_PACKAGE-che.patch.
- Delete
patches.suse/0012-net-liquidio-Delete-driver-version-assignment.patch.
As we don't have upstream commit 6a7e25c7fb48 ("/net/core: Replace driver
version to be kernel version"/) in our trees, removing driver version
assignments is wrong. Therefore removed commit and adapted fixes backport.
- commit 226c353
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- commit 0ba69a9
- futex: Handle faults correctly for PI futexes (bsc#1181349
bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349
bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state()
(bsc#1181349 bsc#1149032).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
(bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349
bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349
bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi()
(bsc#1181349 bsc#1149032).
- futex: Don't enable IRQs unconditionally in put_pi_state()
(bsc#1149032).
- locking/futex: Allow low-level atomic operations to return
- EAGAIN (bsc#1149032).
- commit 058c695
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- commit 786eb3d
- cxgb4: fix the panic caused by non smac rewrite (bsc#1064802
bsc#1066129).
- commit b5006a4
- net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
- commit 3aea956
- net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (git-fixes). - Refresh patches.suse/net-dsa-b53-Rework-ARL-bin-logic.patch.
- commit a432764
- net/liquidio: Delete non-working LIQUIDIO_PACKAGE check
(git-fixes).
- commit 61efd0a
- net/liquidio: Delete driver version assignment (git-fixes).
- commit 8fe74e2
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- commit c6bce34
- net: atlantic: fix potential error handling (git-fixes).
- commit dbd80e5
- net: atlantic: fix use after free kasan warn (git-fixes).
- commit 038a344
- net: smc911x: Adjust indentation in smc911x_phy_configure
(git-fixes).
- commit d99da08
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
(git-fixes).
- commit a3ef2cc
- net/sonic: Add mutual exclusion for accessing shared state
(git-fixes).
- commit 3796c70
- mlxsw: switchx2: Do not modify cloned SKBs during xmit
(git-fixes).
- commit 1f71af0
- mlxsw: spectrum: Do not modify cloned SKBs during xmit
(git-fixes).
- commit 606b6bb
- net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
- commit bd3b5d1
- RDMA/mlx5: Fix wrong free of blue flame register on error
(bsc#1103991 FATE#326007).
- bnxt_en: Improve stats context resource accounting with RDMA
driver loaded (bsc#1104745 FATE#325918).
- net/mlx5e: Fix two double free cases (bsc#1046305 FATE#322943).
- chtls: Fix chtls resources release sequence (bsc#1104270
FATE#325931).
- chtls: Added a check to avoid NULL pointer dereference
(bsc#1104270 FATE#325931).
- chtls: Replace skb_dequeue with skb_peek (bsc#1104270
FATE#325931).
- chtls: Remove invalid set_tcb call (bsc#1104270 FATE#325931).
- chtls: Fix hardware tid leak (bsc#1104270 FATE#325931).
- net: hns3: fix the number of queues actually used by ARQ
(bsc#1104353 FATE#326415).
- net: mvpp2: fix pkt coalescing int-threshold configuration
(bsc#1098633).
- tun: fix return value when the number of iovs exceeds
MAX_SKB_FRAGS (bsc#1109837).
- net: mvpp2: Fix GoP port 3 Networking Complex Control
configurations (bsc#1098633).
- RDMA/cma: Don't overwrite sgid_attr after device is released
(bsc#1103992 FATE#326009).
- ixgbe: avoid premature Rx buffer reuse (bsc#1109837
FATE#326322).
- i40e: avoid premature Rx buffer reuse (bsc#1111981 FATE#326312
FATE#326313).
- net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113
FATE#326472).
- chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270
FATE#325931).
- chelsio/chtls: fix panic during unload reload chtls (bsc#1104270
FATE#325931).
- bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242
FATE#322914).
- RDMA/hns: Bugfix for memory window mtpt configuration
(bsc#1104427 FATE#326416).
- net/mlx5: Add handling of port type in rule deletion
(bsc#1103991 FATE#326007).
- chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270
FATE#325931).
- chelsio/chtls: fix memory leaks caused by a race (bsc#1104270
FATE#325931).
- chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270
FATE#325931).
- chelsio/chtls: fix deadlock issue (bsc#1104270 FATE#325931).
- cxgb4: set up filter action after rewrites (bsc#1064802
bsc#1066129).
- chelsio/chtls: fix tls record info to user (bsc#1104270
FATE#325931).
- net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN
tunnels (bsc#1109837).
- chelsio/chtls: correct function return and return type
(bsc#1104270 FATE#325931).
- chelsio/chtls: correct netdevice for vlan interface (bsc#1104270
FATE#325931).
- chelsio/chtls: fix socket lock (bsc#1104270 FATE#325931).
- RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
(bsc#1103992 FATE#326009).
- RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427
FATE#326416).
- commit ddb281e
- blacklist.conf: add NFS patches which hurt kabi
- commit f3c5ae2
- nfsd4: readdirplus shouldn't return parent of export
(git-fixes).
- commit 94a53d9
- net: hns3: fix a wrong reset interrupt status mask (git-fixes).
- commit f402199
- bnxt_en: return proper error codes in bnxt_show_temp
(bsc#1104745 FATE#325918).
- cxgb4: fix all-mask IP address comparison (bsc#1064802
bsc#1066129).
- IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
(bsc#1103991 FATE#326007).
- RDMA/core: Ensure security pkey modify is not lost (bsc#1046306
FATE#322942).
- RDMA/core: Fix pkey and port assignment in get_new_pps
(bsc#1046306 FATE#322942).
- RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306
FATE#322942).
- commit fb4b60c
- net: hns3: add compatible handling for command
HCLGE_OPC_PF_RST_DONE (git-fixes).
- net: hns3: check reset interrupt status when reset fails
(git-fixes).
- commit 3bdc4a9
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
(git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already
running (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue
(git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic
(git-fixes).
- bnxt_en: Release PCI regions when DMA mask setup fails during
probe (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
(git-fixes).
- RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545
FATE#322893).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but
not used it anymore in mlx4_en_xmit() (git-fixes).
- net: team: fix memory leak in __team_options_register
(git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- team: set dev->needed_headroom in team_setup_by_port()
(git-fixes).
- bonding: set dev->needed_headroom in bond_setup_by_slave()
(git-fixes).
- RDMA/core: Fix reported speed and width (bsc#1046306
FATE#322942).
- RDMA/bnxt_re: Do not report transparent vlan from QP1
(bsc#1104742 FATE#325917).
- cxgb4: fix thermal zone device registration (bsc#1104279
FATE#325938 bsc#1104277 FATE#325936).
- bnxt_en: fix HWRM error when querying VF temperature
(bsc#1104745 FATE#325918).
- bnxt_en: Don't query FW when netif_running() is false
(bsc#1086282 FATE#324873).
- RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244
FATE#322915).
- RDMA/core: Fix return error value in _ib_modify_qp() to negative
(bsc#1103992 FATE#326009).
- RDMA/mlx5: Fix typo in enum name (bsc#1103991 FATE#326007).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
(bsc#1103990 FATE#326006).
- net: hns3: fix a TX timeout issue (bsc#1104353 FATE#326415).
- net: hns3: fix error handling for desc filling (bsc#1104353
FATE#326415).
- net: hns3: fix for not calculating TX BD send size correctly
(bsc#1126390).
- mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
(bsc#1112374).
- net: hns3: fix use-after-free when doing self test (bsc#1104353
FATE#326415).
- net: hns3: add a missing uninit debugfs when unload driver
(bsc#1104353 FATE#326415).
- cxgb4: move DCB version extern to header file (bsc#1104279
FATE#325938).
- cxgb4: remove cast when saving IPv4 partial checksum
(bsc#1074220).
- cxgb4: fix SGE queue dump destination buffer context
(bsc#1073513).
- cxgb4: use correct type for all-mask IP address comparison
(bsc#1064802 bsc#1066129).
- cxgb4: use unaligned conversion for fetching timestamp
(bsc#1046540 bsc#1046648).
- xdp: Fix xsk_generic_xmit errno (bsc#1109837).
- net/filter: Permit reading NET in load_bytes_relative when
MAC not set (bsc#1109837).
- RDMA/mlx5: Add init2init as a modify command (bsc#1103991
FATE#326007).
- RDMA/hns: Fix cmdq parameter of querying pf timer resource
(bsc#1104427 FATE#326416 bsc#1126206).
- net_failover: fixed rollback in net_failover_open()
(bsc#1109837).
- igb: Report speed and duplex as unknown when device is runtime
suspended (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface
sent (bsc#1075020).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
(bsc#1109837 FATE#326322).
- veth: Adjust hard_start offset on redirect XDP frames
(bsc#1109837).
- Revert "/crypto: chelsio - Inline single pdu only"/ (git-fixes).
- bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745
FATE#325918).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set
in case reload fails (bsc#1112374).
- __netif_receive_skb_core: pass skb by reference (bsc#1109837).
- RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348
jsc#SLE-4684).
- cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
(bsc#1109837).
- cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
- cxgb4: fix large delays in PTP synchronization (bsc#1046540
bsc#1046648).
- qed: Fix use after free in qed_chain_free (bsc#1050536
FATE#322898 bsc#1050538 FATE#322897).
- qed: Fix race condition between scheduling and destroying
the slowpath workqueue (bsc#1086314 FATE#324886 bsc#1086313
FATE#324885 bsc#1086301 FATE#3248881).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small
buffer (git-fixes).
- net: cbs: Fix software cbs to consider packet sending time
(bsc#1109837).
- bnxt_en: Reset rings if ring reservation fails during open()
(bsc#1086282 FATE#324873).
- cxgb4: fix throughput drop during Tx backpressure (bsc#1127354
bsc#1127371).
- RDMA/core: Fix protection fault in get_pkey_idx_qp_list
(bsc#1046306 FATE#322942).
- RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348
jsc#SLE-4684).
- net: hns3: add management table after IMP reset (bsc#1104353
FATE#326415).
- drivers: net: xgene: Fix the order of the arguments of
'alloc_etherdev_mqs()' (git-fixes).
- cxgb4/cxgb4vf: fix flow control display for auto negotiation
(bsc#1046540 FATE#322930 bsc#1046542 FATE#322928).
- net: hns3: reallocate SSU' buffer size when pfc_en changes
(bsc#1104353 FATE#326415).
- net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990
FATE#326006).
- net: hns3: fix mis-counting IRQ vector numbers issue
(bsc#1104353 FATE#326415).
- RDMA/hns: bugfix for slab-out-of-bounds when loading hip08
driver (bsc#1104427 FATE#326416).
- RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08
driver (bsc#1104427 FATE#326416).
- net_sched: let qdisc_put() accept NULL pointer (bsc#1056657
FATE#322189 bsc#1056653 FATE#322190 bsc#1056787).
- net: hns3: fix shaper parameter algorithm (bsc#1104353
FATE#326415).
- net: hns3: fix error VF index when setting VLAN offload
(bsc#1104353 FATE#326415).
- net: hns3: fix interrupt clearing error for VF (bsc#1104353
FATE#326415).
- net: hns3: clear reset interrupt status in hclge_irq_handle()
(git-fixes).
- nfp: validate the return code from dev_queue_xmit() (git-fixes).
- vhost/vsock: fix vhost vsock cid hashing inconsistent
(git-fixes).
- commit b766aed
- scsi: ibmvfc: Set default timeout to avoid crash during
migration (bsc#1181425 ltc#188252).
- commit 195b2a9
- blacklist.conf: add c8d647a326f0 xen/pvcallsback: use lateeoi irq binding
- commit 308c42d
- scsi: lpfc: Simplify bool comparison (bsc#1180891).
- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better
readability (bsc#1180891).
- scsi: lpfc: Implement health checking when aborting I/O
(bsc#1180891).
- scsi: lpfc: Fix vport create logging (bsc#1180891).
- scsi: lpfc: Fix NVMe recovery after mailbox timeout
(bsc#1180891).
- scsi: lpfc: Fix target reset failing (bsc#1180891).
- scsi: lpfc: Fix error log messages being logged following SCSI
task mgnt (bsc#1180891).
- scsi: lpfc: Prevent duplicate requests to unregister with
cpuhp framework (bsc#1180891).
- scsi: lpfc: Fix FW reset action if I/Os are outstanding
(bsc#1180891).
- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS
requests (bsc#1180891).
- scsi: lpfc: Fix crash when a fabric node is released prematurely
(bsc#1180891).
- scsi: lpfc: Refresh ndlp when a new PRLI is received in the
PRLI issue state (bsc#1180891).
- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT
for SLI3 (bsc#1180891).
- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
- commit 88024a9
- vfio iommu: Add dma available capability (bsc#1179573
LTC#190106).
- commit c234a3f
- iio: ad5504: Fix setting power-down state (git-fixes).
- serial: mvebu-uart: fix tx lost characters at power off
(git-fixes).
- usb: udc: core: Use lock when write to soft_connect (git-fixes).
- i2c: octeon: check correct size of maximum RECV_LEN packet
(git-fixes).
- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
- drm/atomic: put state on error path (git-fixes).
- ACPI: scan: Make acpi_bus_get_device() clear return pointer
on error (git-fixes).
- spi: cadence: cache reference clock rate during probe
(git-fixes).
- ACPI: scan: Harden acpi_device_add() against device ID overflows
(git-fixes).
- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
(git-fixes).
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
(git-fixes).
- ASoC: dapm: remove widget from dirty list on free (git-fixes).
- ACPI: scan: add stub acpi_create_platform_device() for
!CONFIG_ACPI (git-fixes).
- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
- commit 4e17252
- blacklist.conf: add CONFIG_PROC_FS=n fix
- commit d506362
- net: vlan: avoid leaks on register_vlan_dev() failures
(git-fixes).
- commit 588ae15
- s390/dasd: fix list corruption of lcu list (bsc#1181170
LTC#190915).
- s390/dasd: fix list corruption of pavgroup group list
(bsc#1181170 LTC#190915).
- s390/dasd: prevent inconsistent LCU device data (bsc#1181170
LTC#190915).
- commit e73b11c
- s390/smp: perform initial CPU reset also for SMT siblings
(git-fixes).
- commit 9853cb5
- net/af_iucv: set correct sk_protocol for child sockets
(git-fixes).
- net/af_iucv: always register net_device notifier (git-fixes).
- commit aebe99b
- net/af_iucv: fix null pointer dereference on shutdown
(bsc#1179563 LTC#190108).
- commit 0a706d4
- Drop drm/sun4i patches that broke the build
They don't build properly on 32bit arm config
- commit ef6a2c5
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
(bsc#1181231).
- KVM: x86/mmu: Commit zap of remaining invalid pages when
recovering lpages (bsc#1181230).
- commit 3da333d
- netfilter: ctnetlink: add a range check for l3/l4 protonum
(CVE-2020-25211 bsc#1176395).
- commit 92230c0
- blacklist.conf: Add a couple of VFIO/PCI and SWIOTLB fixes
- commit 9053ccf
- SUNRPC: cache: ignore timestamp written to 'flush' file
(bsc#1178036).
- commit 0eac715
- Update
patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Update
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
(CVE-2020-27675 XSA-331 bsc#1177410).
- Update
patches.suse/xen-events-don-t-use-chip_data-for-legacy-IRQs.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 77fc141
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770)
Backporting changes:
* context changes
- commit 2cc0fa0
- drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178)
Backporting changes:
* context changes
- commit 67fea56
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- commit 7b17926
- arm64: pgtable: Ensure dirty bit is preserved across
pte_wrprotect() (bsc#1180130).
- arm64: pgtable: Fix pte_accessible() (bsc#1180130).
- commit 50f7568
- netfilter: clear skb->next in NF_HOOK_LIST() (bsc#1180765
CVE-2021-20177).
- commit 979e397
- drm/amdkfd: Put ACPI table after using it (bsc#1129770)
Backporting changes:
* context changes
- commit d706a4a
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
Backporting changes:
* context changes
* removed reference to msm_gem_is_locked()
- commit 2473171
- drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
- commit 74c8661
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
Backporting changes:
* context changes
* moved num_mixers from struct dpu_crtc_state to struct dpu_crtc
- commit 235aa45
- blacklist.conf: Append 'drm/i915: Clear the repeater bit on HDCP disable'
- commit dd4f37c
- blacklist.conf: Append 'drm/i915: Fix sha_text population code'
- commit 7f2c93c
- drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178)
Backporting changes:
* context changes
- commit 3d4aebe
- drm/i915: Fix sha_text population code (bsc#1112178)
Backporting changes:
* context changes
- commit b3b6c93
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 5511837
- blacklist.conf: Append 'drm/amd/powerplay: fix a crash when overclocking Vega M'
- commit 17cad3d
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 15580f1
- drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178)
Backporting changes:
* context changes
- commit fb51493
- drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
- commit 909795d
- drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
- commit 76afd33
- NFS: nfs_igrab_and_active must first reference the superblock
(git-fixes).
- pNFS: Mark layout for return if return-on-close was not sent
(git-fixes).
- net: sunrpc: interpret the return value of kstrtou32 correctly
(git-fixes).
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
(git-fixes).
- NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
- lockd: don't use interval-based rebinding over TCP (git-fixes).
- NFSv4.2: condition READDIR's mask for security label based on
LSM state (git-fixes).
- md/raid10: initialize r10_bio->read_slot before use (git-fixes).
- md: fix a warning caused by a race between concurrent
md_ioctl()s (git-fixes).
- nfs_common: need lock during iterate through the list
(git-fixes).
- nfsd: Fix message level for normal termination (git-fixes).
- commit 4d661ca
- Remove patches.suse/nfs-mark-nfsiod-cpu-intensive.patch
About to get replaced by upstream version.
- commit 7d82450
- tun: correct header offsets in napi frags mode (bsc#1180812
CVE-2021-0342).
- commit 0ae29aa
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
(git-fixes).
- commit 91e8143
- blacklist.conf: Removal of HMM function breaks KABI
- commit 1cd8ef8
- blacklist.conf: SLUB not enabled in kernel config
- commit 6202d29
- page_frag: Recover from memory pressure (git fixes
(mm/pgalloc)).
- commit 4457ecd
- mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
(mm/hotplug)).
- commit 840f046
- blacklist.conf: CMA not enabled in kernel config
- commit 4513c12
- blacklist.conf: CMA not enabled in kernel config
- commit 016b829
- mm/slab: use memzero_explicit() in kzfree() (git fixes
(mm/slab)).
- commit e7d7f67
- Refresh
patches.suse/mm-fix-mremap-not-considering-huge-pmd-devmap.patch.
- commit 2a2a762
- blacklist.conf: SLUB not enabled in kernel config
- commit 1d41e83
- blacklist.conf: SLUB not enabled in kernel config
- commit f29f5d9
- mm/page_alloc: fix watchdog soft lockups during
set_zone_contiguous() (git fixes (mm/pgalloc)).
- commit d02bb6f
- mm/rmap: map_pte() was not handling private ZONE_DEVICE page
properly (git fixes (mm/hmm)).
- commit 433e971
- mm: hwpoison: disable memory error handling on 1GB hugepage
(git fixes (mm/hwpoison)).
- commit 5bd329a
- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
- commit e44aeda
- Move the build fix for g2d driver into patches.suse
It's actaully no kABI fix but the pure build fix, hence it must be
out of patches.kabi
- commit 9c47154
- Refresh
patches.suse/IB-hfi1-Ensure-correct-mm-is-used-at-all-times.patch.
Fixed backport (removed one line too much, d'oh).
- commit 6dc4356
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
CVE-2020-27835).
- commit 39a2b87
- net: stmmac: Enable 16KB buffer size (git-fixes).
- commit f223efb
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- commit 3ccc81e
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- commit 05ff9e2
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- commit 63ae7fc
- net: usb: lan78xx: Fix error message format specifier (git-fixes).
- commit 3dd5ee1
- caif: no need to check return value of debugfs_create functions (git-fixes).
- commit 4fb5202
- drivers/net: Use octal not symbolic permissions (git-fixes). - Refresh patches.suse/msft-hv-1661-scsi-netvsc-Use-the-vmbus-function-to-calculate-ring.patch. - Refresh patches.suse/msft-hv-1707-hv_netvsc-fix-network-namespace-issues-with-VF-suppo.patch.
- commit e4e6ab9
- net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
- commit 5d03a23
- net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes).
- commit dc3e380
- net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes).
- commit 287fdc5
- Drop uvcvideo patch that doesn't build
- commit 298bbff
- blacklist.conf: remove invalid entry, already backported
- commit a469334
- blacklist.conf: Tables not used currently in-tree
- commit 2aec284
- blacklist.conf: UP not enabled in config
- commit 9b055fe
- blacklist.conf: build fix not relevant in our config
- commit eaf3550
- docs: Fix reST markup when linking to sections (git-fixes).
- commit 2ffe4fe
- blacklist.conf: kABI
- commit 546297f
- powerpc/perf: Fix crashes with generic_compat_pmu & BHRB
(bsc#1178900 ltc#189284 git-fixes).
- commit 5b292b4
- powerpc/perf: Add generic compat mode pmu driver (bsc#1178900
ltc#189284).
- powerpc/perf: init pmu from core-book3s (bsc#1178900
ltc#189284).
- commit 2d3c61b
- x86/resctrl: Don't move a task to the same resource group
(bsc#1112178).
- commit 162f4b0
- x86/resctrl: Use an IPI instead of task_work_add() to update
PQR_ASSOC MSR (bsc#1112178).
- commit 304df7d
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- commit 09d7b00
- net: bcmgenet: reapply manual settings to the PHY (git-fixes).
- commit 7d07690
- net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
- commit d3b5290
- net: phy: micrel: make sure the factory test bit is cleared
(git-fixes).
- commit 043ec37
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- commit 6c3c8e0
- net: stmmac: gmac4+: Not all Unicast addresses may be available
(git-fixes).
- commit eac7cd9
- net: ethernet: stmmac: Fix signedness bug in
ipq806x_gmac_of_parse() (git-fixes).
- commit bff5c88
- net: stmmac: dwmac-meson8b: Fix signedness bug in probe
(git-fixes).
- commit 84a3dda
- net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
(git-fixes).
- commit 227f036
- blacklist.conf: update the blacklist
- commit 250ebee
- USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
- usb: gadget: configfs: Preserve function ordering after bind
failure (git-fixes).
- usb: gadget: select CONFIG_CRC32 (git-fixes).
- usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
- usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
completion (git-fixes).
- USB: yurex: fix control-URB timeout handling (git-fixes).
- usb: chipidea: ci_hdrc_imx: add missing put_device() call in
usbmisc_get_init_data() (git-fixes).
- USB: gadget: legacy: fix return error code in acm_ms_bind()
(git-fixes).
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set (git-fixes).
- dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
(git-fixes).
- dmaengine: xilinx_dma: check dma_async_device_register return
value (git-fixes).
- Revert "/device property: Keep secondary firmware node secondary
by type"/ (git-fixes).
- wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
- wil6210: select CONFIG_CRC32 (git-fixes).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
(git-fixes).
- ALSA: pcm: Clear the full allocated memory at hw_params
(git-fixes).
- misc: vmw_vmci: fix kernel info-leak by initializing dbells
in vmci_ctx_get_chkpt_doorbells() (git-fixes).
- media: gp8psk: initialize stats at power control logic
(git-fixes).
- commit 2f3aec2
- x86/mtrr: Correct the range check before performing MTRR type
lookups (bsc#1112178).
- commit 0c96651
- x86/mm: Fix leak of pmd ptlock (bsc#1112178).
- commit aeba3ea
- xen: support having only one event pending per watch
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit d884e81
- xen: revert Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 2a4a8da
- xen: revert Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6baf8b8
- xen: revert Support will_handle watch callback (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 3918801
- mm: don't wake kswapd prematurely when watermark boosting is
disabled (git fixes (mm/vmscan)).
- commit b2e95ac
- xen: revert Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 9d30f4d
- xen: revert Disallow pending watch messages (bsc#1179508
XSA-349 CVE-2020-29568).
- commit d039881
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
(bsc#1179509 XSA-350 CVE-2020-29569).
- commit 1aab73c
- xenbus/xenbus_backend: Disallow pending watch messages
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0cdf358
- xen/xenbus: Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit a14bb56
- xen/xenbus/xen_bus_type: Support will_handle watch callback
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 33a4600
- xen/xenbus: Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 5ef1497
- xen/xenbus: Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6f7a44e
- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list
(bsc#1179093).
- sched/fair: Fix enqueue_task_fair() warning some more
(bsc#1179093).
- sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
- sched/fair: Fix reordering of enqueue/dequeue_task_fair()
(bsc#1179093).
- sched/fair: Reorder enqueue/dequeue_task_fair path
(bsc#1179093).
- commit 1b239da
- Drop the previous drm/nouveau fix that turned out to be superfluous (CVE-2020-25639 bsc#1176846)
- commit 001c6e5
- Move upstreamed vgacon patch into sorted section
- commit 73d2a02
- drm: bail out of nouveau_channel_new if channel init fails
(CVE-2020-25639 bsc#1176846).
- commit 55debf7
- btrfs: qgroup: don't try to wait flushing if we're already
holding a transaction (bsc#1179575).
- commit bda1cb8
- x86/i8259: Use printk_deferred() to prevent deadlock
(bsc#1112178).
- commit d166bf5
- Refresh patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch.
Refresh to v2 URL
- commit 97aafaa
- blacklist.conf: 44623b2818f4 crypto: x86/crc32c - fix building with clang ias
- commit a557330
- x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
- commit 8dd9b08
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
- commit c485186
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049,
git-fixes).
- commit 3730025
- Refresh
patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- commit 5851206
- EDAC/amd64: Fix PCI component registration (bsc#1112178).
- commit 522b115
- Refresh patch metadata.
- Refresh patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch.
- commit d7a2a14
- btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
- commit 1d58635
- btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206).
- commit 01c5612
- btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
- Refresh
patches.suse/revert-btrfs-qgroup-move-half-of-the-qgroup-accounting-time-out-of-commit-trans.patch.
- commit 91f3982
- python-Jinja2
-
- Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244)
- CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have
been called with untrusted user data (bsc#1181944).
Added CVE-2020-28493.patch
- python-cffi
-
- add cc2546f3388b6eeb8b18bdbe82a8c3a4c7b48ceb.patch (bsc#1182471):
Restore compatibility with Python 2.7 update
- python-cryptography
-
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
* Using the Fernet class to symmetrically encrypt multi gigabyte values
could result in an integer overflow and buffer overflow.
- tcl
-
- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc.