SUSE Image Update Advisory: SUSE
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2000:20-1
Image Tags        : SUSE:SLE-15-SP3:2
Image Release     :
Severity          : critical
Type              : security
References        :
-----------------------------------------------------------------

The container SUSE was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:444-1
Released:    Fri Feb 12 08:46:46 2021
Summary:     Recommended update for libmodulemd
Type:        recommended
Severity:    low
References:  1181004

This update for libmodulemd fixes the following issues:

- Fixed a building issue for 32-bit architectures

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1477-1
Released:    Tue May 4 14:04:28 2021
Summary:     Recommended update for libmodulemd
Type:        recommended
Severity:    low
References:

This update for libmodulemd fixes the following issues:

- Added support for 'buildorder' to Packager documents
- Fixed an issue with ModuleIndex when input contains only Obsoletes documents
- Extended read_packager_[file|string]() to support overriding the module name and stream
- Ignore Packager documents when running ModuleIndex.update_from_*()
- Added python overrides for XMD in PackagerV3
- Added python override to ignore the
  GType return when reading packager files
- Added PackagerV3.get_mdversion()

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2670-1
Released:    Thu Aug 12 12:04:06 2021
Summary:     Recommended update for libmodulemd
Type:        recommended
Severity:    moderate
References:

This recommended update for libmodulemd fixes the following issues:

Provide libmodulemd (jsc#ECO-3458)

- Make available libmodulemd to Basesystem Module 15 SP2
- Make available libmodulemd to Basesystem Module 15 SP3
- Make the package 'createrepo_c' installable

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3227-1
Released:    Mon Sep 27 09:50:51 2021
Summary:     Recommended update for createrepo_c, libmodulemd, and zchunk
Type:        recommended
Severity:    moderate
References:

This update for createrepo_c fixes the following issues:

createrepo_c:

- No longer performs a dir walk when --recycle-pkglist is specified
- Added automatic module metadata handling for repos
- Fixed a couple of memory leaks
- Added --arch-expand option
- Added --recycle-pkglist option
- Set global_exit_status on sigint so that .repodata are cleaned up
- Enhance error handling when locating repositories

libmodulemd:

- Just a rebuild of the package, no source changes

zchunk:

- Initial shipment of zchunk to SUSE Linux Enterprise

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released:    Fri Oct 1 10:34:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858

This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older.
  (bsc#1190858)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct 6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942

This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3292-1
Released:    Wed Oct 6 16:46:16 2021
Summary:     Security update for go1.16
Type:        security
Severity:    important
References:  1182345,1190589,CVE-2021-39293

This update for go1.16 fixes the following issues:

- Update to go 1.16.8
- CVE-2021-39293: Fixed a buffer overflow issue in preallocation check that can cause OOM panic. (bas#)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3293-1
Released:    Wed Oct 6 16:47:31 2021
Summary:     Security update for ffmpeg
Type:        security
Severity:    moderate
References:  1186761,CVE-2020-22042

This update for ffmpeg fixes the following issues:

- CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct 6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3301-1
Released:    Wed Oct 6 16:58:33 2021
Summary:     Security update for libcryptopp
Type:        security
Severity:    moderate
References:  1015243,CVE-2016-9939

This update for libcryptopp fixes the following issues:

- CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1 parser (bsc#1015243).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3304-1
Released:    Wed Oct 6 18:11:33 2021
Summary:     Recommended update for kdump
Type:        recommended
Severity:    moderate
References:  1172670,1183070,1184616,1186037

This update for kdump fixes the following issues:

- Do not iterate past end of string (bsc#1186037).
- Fix incorrect exit code checking after 'local' with assignment (bsc#1184616).
- Avoid an endless loop when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- Install /etc/resolv.conf using its resolved path (bsc#1183070).
- Make sure that initrd.target.wants directory exists (bsc#1172670).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3306-1
Released:    Wed Oct 6 18:11:57 2021
Summary:     Recommended update for numactl
Type:        recommended
Severity:    moderate
References:

This update for numactl fixes the following issues:

- Fix System call numbers on s390x.
- Debug verify for --preferred option.
- Description for the usage of numactl.
- Various memleaks on source files: sysfs.c, shm.c and numactl.c
- Description for numa_node_size64 and definition for numa_node_size in manpage.
- link with -latomic when needed.
- Clear race conditions on numa_police_memory().
- numademo: Use first two nodes instead of node 0 and 1
- Enhance _service settings
- Enable automake

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3307-1
Released:    Wed Oct 6 18:12:07 2021
Summary:     Recommended update for virt-what
Type:        recommended
Severity:    moderate
References:  1161850,1176132

This update for virt-what fixes the following issues:

- Nutanix Acropolis Hypervisor detection
- podman detection
- Add 'which' to requires

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3309-1
Released:    Wed Oct 6 18:12:31 2021
Summary:     Recommended update for google-roboto-mono-fonts
Type:        recommended
Severity:    low
References:

This update for google-roboto-mono-fonts fixes the following issue:

- Add google-roboto-mono-fonts. (jsc#SLE-21182, jsc#SLE-17946, jsc#SLE-17947)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct 6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480

This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).
- Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant.

Additional fixes:

- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3311-1
Released:    Wed Oct 6 18:12:56 2021
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    moderate
References:  1188768

This update for perl-Bootloader fixes the following issues:

- Report error if config file could not be updated (bsc#1188768).
- Fix typo in update-bootloader.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3312-1
Released:    Wed Oct 6 18:13:09 2021
Summary:     Recommended update for yast2-installation
Type:        recommended
Severity:    moderate
References:  1186044

This update for yast2-installation fixes the following issues:

- Display release notes during upgrade.
  (bsc#1186044)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3314-1
Released:    Wed Oct 6 18:13:38 2021
Summary:     Recommended update for xerces-c
Type:        recommended
Severity:    moderate
References:  1190105

This update for xerces-c fixes the following issues:

- release libxerces-c-3_1 for SLE-15.3 (bsc#1190105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3315-1
Released:    Wed Oct 6 19:29:43 2021
Summary:     Recommended update for go1.17
Type:        recommended
Severity:    moderate
References:  1190589,1190649,CVE-2021-39293

This update for go1.17 fixes the following issues:

This is the initial go 1.17 shipment.

go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip package, as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand, embed, go/types, html/template, and net/http packages. (bsc#1190649)

CVE-2021-39293: Fixed an overflow in preallocation check that can cause OOM panic in archive/zip (bsc#1190589)

go1.17 (released 2021-08-16) is a major release of Go. go1.17.x minor releases will be provided through August 2022. See https://github.com/golang/go/wiki/Go-Release-Cycle

Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (bsc#1190649)

* See release notes https://golang.org/doc/go1.17. Excerpts relevant to OBS environment and for SUSE/openSUSE follow:
* The compiler now implements a new way of passing function arguments and results using registers instead of the stack. Benchmarks for a representative set of Go packages and programs show performance improvements of about 5%, and a typical reduction in binary size of about 2%. This is currently enabled for Linux, macOS, and Windows on the 64-bit x86 architecture (the linux/amd64, darwin/amd64, and windows/amd64 ports).
  This change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code.
* When the linker uses external linking mode, which is the default when linking a program that uses cgo, and the linker is invoked with a -I option, the option will now be passed to the external linker as a -Wl,--dynamic-linker option.
* The runtime/cgo package now provides a new facility that allows to turn any Go values to a safe representation that can be used to pass values between C and Go safely. See runtime/cgo.Handle for more information.
* ARM64 Go programs now maintain stack frame pointers on the 64-bit ARM architecture on all operating systems. Previously, stack frame pointers were only enabled on Linux, macOS, and iOS.
* Pruned module graphs in go 1.17 modules: If a module specifies go 1.17 or higher, the module graph includes only the immediate dependencies of other go 1.17 modules, not their full transitive dependencies. To convert the go.mod file for an existing module to Go 1.17 without changing the selected versions of its dependencies, run:

      go mod tidy -go=1.17

  By default, go mod tidy verifies that the selected versions of dependencies relevant to the main module are the same versions that would be used by the prior Go release (Go 1.16 for a module that specifies go 1.17), and preserves the go.sum entries needed by that release even for dependencies that are not normally needed by other commands. The -compat flag allows that version to be overridden to support older (or only newer) versions, up to the version specified by the go directive in the go.mod file. To tidy a go 1.17 module for Go 1.17 only, without saving checksums for (or checking for consistency with) Go 1.16:

      go mod tidy -compat=1.17

  Note that even if the main module is tidied with -compat=1.17, users who require the module from a go 1.16 or earlier module will still be able to use it, provided that the packages use only compatible language and library features.
  The go mod graph subcommand also supports the -go flag, which causes it to report the graph as seen by the indicated Go version, showing dependencies that may otherwise be pruned out.
* Module deprecation comments: Module authors may deprecate a module by adding a // Deprecated: comment to go.mod, then tagging a new version. go get now prints a warning if a module needed to build packages named on the command line is deprecated. go list -m -u prints deprecations for all dependencies (use -f or -json to show the full message). The go command considers different major versions to be distinct modules, so this mechanism may be used, for example, to provide users with migration instructions for a new major version.
* go get -insecure flag is deprecated and has been removed. To permit the use of insecure schemes when fetching dependencies, please use the GOINSECURE environment variable. The -insecure flag also bypassed module sum validation, use GOPRIVATE or GONOSUMDB if you need that functionality. See go help environment for details.
* go get prints a deprecation warning when installing commands outside the main module (without the -d flag). go install cmd@version should be used instead to install a command at a specific version, using a suffix like @latest or @v1.2.3. In Go 1.18, the -d flag will always be enabled, and go get will only be used to change dependencies in go.mod.
* go.mod files missing go directives: If the main module's go.mod file does not contain a go directive and the go command cannot update the go.mod file, the go command now assumes go 1.11 instead of the current release. (go mod init has added go directives automatically since Go 1.12.) If a module dependency lacks an explicit go.mod file, or its go.mod file does not contain a go directive, the go command now assumes go 1.16 for that dependency instead of the current release.
  (Dependencies developed in GOPATH mode may lack a go.mod file, and the vendor/modules.txt has to date never recorded the go versions indicated by dependencies' go.mod files.)
* vendor contents: If the main module specifies go 1.17 or higher, go mod vendor now annotates vendor/modules.txt with the go version indicated by each vendored module in its own go.mod file. The annotated version is used when building the module's packages from vendored source code. If the main module specifies go 1.17 or higher, go mod vendor now omits go.mod and go.sum files for vendored dependencies, which can otherwise interfere with the ability of the go command to identify the correct module root when invoked within the vendor tree.
* Password prompts: The go command by default now suppresses SSH password prompts and Git Credential Manager prompts when fetching Git repositories using SSH, as it already did previously for other Git password prompts. Users authenticating to private Git repos with password-protected SSH may configure an ssh-agent to enable the go command to use password-protected SSH keys.
* go mod download: When go mod download is invoked without arguments, it will no longer save sums for downloaded module content to go.sum. It may still make changes to go.mod and go.sum needed to load the build list. This is the same as the behavior in Go 1.15. To save sums for all modules, use:
    go mod download all
* The go command now understands //go:build lines and prefers them over // +build lines. The new syntax uses boolean expressions, just like Go, and should be less error-prone. As of this release, the new syntax is fully supported, and all Go files should be updated to have both forms with the same meaning. To aid in migration, gofmt now automatically synchronizes the two forms. For more details on the syntax and migration plan, see https://golang.org/design/draft-gobuild.
* go run now accepts arguments with version suffixes (for example, go run example.com/cmd@v1.0.0).
  This causes go run to build and run packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for running executables without installing them or without changing dependencies of the current module.
* The format of stack traces from the runtime (printed when an uncaught panic occurs, or when runtime.Stack is called) is improved.
* TLS strict ALPN: When Config.NextProtos is set, servers now enforce that there is an overlap between the configured protocols and the ALPN protocols advertised by the client, if any. If there is no mutually supported protocol, the connection is closed with the no_application_protocol alert, as required by RFC 7301. This helps mitigate the ALPACA cross-protocol attack. As an exception, when the value 'h2' is included in the server's Config.NextProtos, HTTP/1.1 clients will be allowed to connect as if they didn't support ALPN. See issue go#46310 for more information.
* crypto/ed25519: The crypto/ed25519 package has been rewritten, and all operations are now approximately twice as fast on amd64 and arm64. The observable behavior has not otherwise changed.
* crypto/elliptic: CurveParams methods now automatically invoke faster and safer dedicated implementations for known curves (P-224, P-256, and P-521) when available. Note that this is a best-effort approach and applications should avoid using the generic, not constant-time CurveParams methods and instead use dedicated Curve implementations such as P256. The P521 curve implementation has been rewritten using code generated by the fiat-crypto project, which is based on a formally-verified model of the arithmetic operations. It is now constant-time and three times faster on amd64 and arm64. The observable behavior has not otherwise changed.
* crypto/tls: The new Conn.HandshakeContext method allows the user to control cancellation of an in-progress TLS handshake.
  The provided context is accessible from various callbacks through the new ClientHelloInfo.Context and CertificateRequestInfo.Context methods. Canceling the context after the handshake has finished has no effect.
  Cipher suite ordering is now handled entirely by the crypto/tls package. Currently, cipher suites are sorted based on their security, performance, and hardware support taking into account both the local and peer's hardware. The order of the Config.CipherSuites field is now ignored, as well as the Config.PreferServerCipherSuites field. Note that Config.CipherSuites still allows applications to choose what TLS 1.0–1.2 cipher suites to enable.
  The 3DES cipher suites have been moved to InsecureCipherSuites due to fundamental block size-related weakness. They are still enabled by default but only as a last resort, thanks to the cipher suite ordering change above.
  Beginning in the next release, Go 1.18, the Config.MinVersion for crypto/tls clients will default to TLS 1.2, disabling TLS 1.0 and TLS 1.1 by default. Applications will be able to override the change by explicitly setting Config.MinVersion. This will not affect crypto/tls servers.
* crypto/x509: CreateCertificate now returns an error if the provided private key doesn't match the parent's public key, if any. The resulting certificate would have failed to verify.
* crypto/x509: The temporary GODEBUG=x509ignoreCN=0 flag has been removed.
* crypto/x509: ParseCertificate has been rewritten, and now consumes ~70% fewer resources. The observable behavior has not otherwise changed, except for error messages.
* crypto/x509: Beginning in the next release, Go 1.18, crypto/x509 will reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated in 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
* go/build: The new Context.ToolTags field holds the build tags appropriate to the current Go toolchain configuration.
* net/http package now uses the new (*tls.Conn).HandshakeContext with the Request context when performing TLS handshakes in the client or server.
* syscall: On Unix-like systems, the process group of a child process is now set with signals blocked. This avoids sending a SIGTTOU to the child when the parent is in a background process group.
* time: The new Time.IsDST method can be used to check whether the time is in Daylight Savings Time in its configured location.
* time: The new Time.UnixMilli and Time.UnixMicro methods return the number of milliseconds and microseconds elapsed since January 1, 1970 UTC respectively.
* time: The new UnixMilli and UnixMicro functions return the local Time corresponding to the given Unix time.
- Add bash scripts used by go tool commands to provide a more complete cross-compiling go toolchain install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3317-1
Released: Wed Oct 6 19:30:39 2021
Summary: Recommended update for postgresql10
Type: recommended
Severity: moderate
References: 1179945,1185952,1187751,1190177

This update for postgresql10 fixes the following issues:

- Upgrade to version 10.18. (bsc#1190177)
- A dump/restore is not required for those running 10.X.
- If you are upgrading from a version older than 10.16, a reindexing of indexes after the upgrade may be advisable.
- Allow PostgreSQL version 10 to build with ICU 69 and newer
- Clarify error messages referring to 'non-negative' values
- Fix incorrect log message when 'point-in-time' recovery stops at a 'ROLLBACK PREPARED' record
- In 'contrib/postgres_fdw', avoid attempting catalog lookups after an error
- Messages about data conversion errors will now mention the query's table and column aliases (if used) rather than the true underlying name of a foreign table or column.
- Avoid problems when switching 'pg_receivewal' between compressed and non-compressed 'WAL' storage
- Extend 'pg_upgrade' to detect and warn about extensions that should be upgraded.
- Make 'pg_upgrade' carry forward the old installation's 'oldestXID' value.
- This solves unwanted forced shutdowns happening soon after an upgrade, in particular on installations using large values of 'autovacuum_freeze_max_age'.
- Avoid 'invalid creation date in header' warnings observed when running 'pg_restore' on an archive file created in a different time zone.
- In psql and other client programs, avoid overrunning the ends of strings when dealing with invalidly-encoded data.
- Don't abort the process for an out-of-memory failure in libpq's printing functions
- Fix uninitialized-variable bug that could cause 'PL/pgSQL' to act as though an 'INTO' clause specified 'STRICT', even though it didn't.
- Fix latent crash in sorting code
- Fix possible race condition when releasing BackgroundWorkerSlots
- Solve a build issue: fix build with 'llvm12' on s390x. (bsc#1185952)
- Re-enable 'icu' for 'PostgreSQL 10'. (bsc#1179945)
- Relax the dependency of 'postgresqlXX-server-devel' on 'llvm' and 'clang'. (bsc#1187751)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3321-1
Released: Thu Oct 7 15:46:40 2021
Summary: Recommended update for autoyast2
Type: recommended
Severity: moderate
References: 1176089,1188153,1190696

This update for autoyast2 fixes the following issues:

- Update elements on rules.xml schema: Add the 'hostname' (bsc#1190696). Add Installed_product and installed_product_version (boo#1176089). Add Dialog section (bsc#1188153).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3325-1
Released: Sat Oct 9 19:45:01 2021
Summary: Security update for rabbitmq-server
Type: security
Severity: moderate
References: 1185075,1186203,1187818,1187819,CVE-2021-22116,CVE-2021-32718,CVE-2021-32719

This update for rabbitmq-server fixes the following issues:

- CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc#1187818).
- CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin (bsc#1187819).
- CVE-2021-22116: Fixed improper input validation that may lead to DoS (bsc#1186203).
- Use /run instead of /var/run in tmpfiles.d configuration (bsc#1185075).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:3327-1
Released: Mon Oct 11 11:44:50 2021
Summary: Optional update for coreutils
Type: optional
Severity: low
References: 1189454

This optional update for coreutils fixes the following issue:

- Provide coreutils documentation, 'coreutils-doc', with 'L2' support level.
  (bsc#1189454)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3328-1
Released: Mon Oct 11 11:48:14 2021
Summary: Recommended update for patterns-sap
Type: recommended
Severity: moderate
References:

This update for patterns-sap fixes the following issue:

- Remove 'libssh2-1' from SAP-HANA pattern (jsc#SLE-20033)
- 'libssh2-1' is no longer needed for newer HANA 2.0 versions
- Adjust the 'patterns-sap' version to 15.3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3338-1
Released: Tue Oct 12 11:06:00 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could lead to local privilege escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allow attackers to cause a denial of service.
  (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages.
  Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). 
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576). - selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes). - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes). - selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). 
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). 
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3343-1 Released: Tue Oct 12 13:00:09 2021 Summary: Recommended update for pacemaker Type: recommended Severity: moderate References: 1177212,1180618,1181744,1187414,1188653 This update for pacemaker fixes the following issues: - controller: ensure newly joining node learns the node names of non-DCs. (bsc#1180618) - libcrmcommon: Correctly handle case-sensitive ids of xml objects when changing a value. (bsc#1187414) - libpe_status: handle pending migrations correctly. (bsc#1177212) - scheduler: add test for probe of unmanaged resource on pending node (bsc#1188653): scheduler: update existing tests for probe scheduling change. scheduler: don't schedule probes of unmanaged resources on pending nodes. - controld-fencing: add notice-log for successful fencer-connect (bsc#1181744): controld-fencing: remove-notifications upon connection-destroy. fenced: Remove relayed stonith operation. fence-history: resync fence-history after fenced crash. fence-history: add notification upon history-synced. fence-history: fail leftover pending-actions after fenced-restart. st_client: make safe to remove notifications from notifications. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3349-1 Released: Tue Oct 12 13:21:48 2021 Summary: Recommended update for libgphoto2 Type: recommended Severity: moderate References: 1172301 This update for libgphoto2 fixes the following issues: libgphoto2 was updated to the 2.5.27 release (jsc#SLE-21615) - Lots of new camera models added. - Camera support enhanced for Sony Alpha, Fuji XT, Nikon Z, Canon EOS R, Panasonic Lumix, Leica SL, ... - Better support for files over 4GB - Lumix Wifi, Docupen support added. - Lots of bugfixes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3350-1 Released: Tue Oct 12 13:22:31 2021 Summary: Security update for libaom Type: security Severity: low References: 1186799,CVE-2021-30474 This update for libaom fixes the following issues: - CVE-2021-30474: Fixed use-after-free in aom_dsp/grain_table.c (bsc#1186799). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3353-1 Released: Tue Oct 12 13:23:34 2021 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1188697,1190701,CVE-2021-21806,CVE-2021-30858 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3354-1 Released: Tue Oct 12 13:24:08 2021 Summary: Security update for libqt5-qtsvg Type: security Severity: moderate References: 1184783,CVE-2021-3481 This update for libqt5-qtsvg fixes the following issues: - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file. 
(bsc#1184783) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3390-1 Released: Tue Oct 12 18:53:38 2021 Summary: Recommended update for fcoe-utils Type: recommended Severity: moderate References: 1010047,1182804 This update for fcoe-utils fixes the following issues: Update to version 1.0.34 (bsc#1182804) - Fix 21 string-op truncation, format truncation, and format overflow errors - Use of uninitialized values detected during LTO - fix VLAN device name overflow check - Fix an issue caused by 'safe_makepath' change in 'libopenfcoe.c' - Char can be unsigned on ARM, so set signed explicitly as the check expects it can be negative - Handle NIC names longer than 7 characters. (bsc#1010047) - Change debug->log message if daemon running - Remove references to 'open-fcoe.org' - Fix two gcc-11 compiler warnings. - Exit 'fcoemon' command if 'fcoemon' daemon is already running. 
- Update systemd service files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3392-1 Released: Tue Oct 12 19:01:24 2021 Summary: Recommended update for rsync Type: recommended Severity: important References: 1188258 This update for rsync fixes the following issues: - Fix a memory protection issue in 'iconv' (bsc#1188258) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3395-1 Released: Tue Oct 12 19:07:18 2021 Summary: Recommended update for sbd Type: recommended Severity: important References: 1187547,1189398 This update for sbd fixes the following issues: Update to version 1.5.0+20210720.f4ca41f - 'sbd-inquisitor': - Implement default delay start for diskless 'sbd'. (bsc#1189398) - Sanitize numeric arguments. - Tolerate and strip any leading spaces of command line option values. (bsc#1187547) - Tell the actual watchdog device specified with '-w'. (bsc#1187547) Important notes on 'sync_resource_startup_default': - This configuration has to be in sync with the configuration in 'pacemaker' where it is called 'sbd_sync'. The syncing enabled per default will lead to syncing enabled on upgrade without adaption of the config. The setting can still be overruled via 'sysconfig'. The setting in the 'config-template' packaged will follow the default if it is left empty. It is possible to have the setting in the 'config-template' deviate from the default by setting it to an explicit 'yes' or 'no'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3397-1 Released: Tue Oct 12 19:07:43 2021 Summary: Recommended update for mariadb Type: recommended Severity: moderate References: 1182218 This update for mariadb fixes the following issue: - Remove ownership of '%{_rpmconfigdir}/macros.d' that belongs to RPM. 
(bsc#1182218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3398-1 Released: Tue Oct 12 19:07:55 2021 Summary: Recommended update for gnome-packagekit Type: recommended Severity: moderate References: 1190330 This update for gnome-packagekit fixes the following issue: - List all the available updates when getting system updates. (bsc#1190330) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3399-1 Released: Tue Oct 12 19:08:17 2021 Summary: Recommended update for NetworkManager Type: recommended Severity: moderate References: 1116625 This update for NetworkManager fixes the following issues: - Exclude 'systemd.automount' from NFS processing and avoid failures after a suspend/resume cycle. (bsc#1116625) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3400-1 Released: Wed Oct 13 08:15:28 2021 Summary: Recommended update for emacs Type: recommended Severity: moderate References: 1178942,1180353 This update for emacs fixes the following issues: - Fixed an issue when emacs hangs in isearch. (bsc#1178942) - Fix for a possible segmentation fault in case of stack overflow of etags. (bsc#1180353) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3402-1 Released: Wed Oct 13 10:39:58 2021 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: This update for 389-ds fixes the following issues: - rebase lib389 and cockpit in 1.4.4 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) 
- Account Policy plugin does not set the config entry DN - Add support for nsslapd-state to CLI and UI - IPA failure in ipa user-del --preserve - backport lib389 cert list fix - dsidm command crashing when account policy plugin is enabled - db reindex corrupts RUV tombstone nsuiqueid index - Fix retro cl trimming misuse of monotonic/realtime clocks ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3406-1 Released: Wed Oct 13 10:40:44 2021 Summary: Recommended update for ServiceReport Type: recommended Severity: moderate References: This update for ServiceReport fixes the following issues: - ServiceReport v2.2.3 release.(jsc#18193) - Added hardening to systemd service(s). - Run-on supported architectures only. - [fadump] Update crashkernel recommendation. - [Daemon] check active status along with enabled. - Take crashkernel recommendation from kdump-lib.sh scripts. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3407-1 Released: Wed Oct 13 10:40:49 2021 Summary: Recommended update for resource-agents Type: recommended Severity: low References: 1180668 This update for resource-agents fixes the following issues: - Live migration fails in some scenarios. (bsc#1180668) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3409-1 Released: Wed Oct 13 10:41:02 2021 Summary: Recommended update for libGLw Type: recommended Severity: low References: 1191122 This update for libGLw fixes the following issue: - fix libGLw.so symlink of devel package. (bsc#1191122) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3410-1 Released: Wed Oct 13 10:41:36 2021 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate References: 1191242 This update for xkeyboard-config fixes the following issue: - Wrong keyboard mapping causing input delays with ABNT2 keyboards. 
(bsc#1191242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. (bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189441,1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) - Fixed an issue where initrd was not always rebuilding after installing any kernel-*-extra package (bsc#1189441) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3448-1 Released: Fri Oct 15 09:12:28 2021 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: 1191431,1191432 This update for scap-security-guide fixes the following issues: The scap-security-guide was updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SUSE Linux Enterprise 12 - Initial Ubuntu 
20.04 STIG Profiles - Addition of an automated CCE adder ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3451-1 Released: Sat Oct 16 10:49:25 2021 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1188891,1189547,1190269,1190274,1190710,1191332,CVE-2021-29980,CVE-2021-29981,CVE-2021-29982,CVE-2021-29983,CVE-2021-29984,CVE-2021-29985,CVE-2021-29986,CVE-2021-29987,CVE-2021-29988,CVE-2021-29989,CVE-2021-29990,CVE-2021-29991,CVE-2021-32810,CVE-2021-38492,CVE-2021-38495,CVE-2021-38496,CVE-2021-38497,CVE-2021-38498,CVE-2021-38500,CVE-2021-38501 This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Release 91.2.0 ESR: * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332): * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Fixed Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Release 91.1.0 ESR: * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Release 91.0.1esr ESR: * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to-tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 
(bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companies from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. 
- Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non-native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. 
* Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3465-1 Released: Tue Oct 19 13:12:46 2021 Summary: Recommended update for cloud-regionsrv Type: recommended Severity: moderate References: 1190250 This update for cloud-regionsrv contains the following fixes: - Update to version 8.1.2 (bsc#1190250) + Place certificate key in proper destination - Update to version 8.1.1 (bsc#1190250) + Use a cross-filesystem compatible method to move certificates ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3467-1 Released: Tue Oct 19 13:16:09 2021 Summary: Security update for strongswan Type: security Severity: important References: 1191367,1191435,CVE-2021-41990,CVE-2021-41991 This update for strongswan fixes the following issues: A 
feature was added: - Add auth_els plugin to support Marvell FC-SP encryption (jsc#SLE-20151) Security issues fixed: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) - CVE-2021-41990: Fixed an integer Overflow in the gmp Plugin. (bsc#1191367) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3471-1 Released: Wed Oct 20 08:39:41 2021 Summary: Recommended update for habootstrap-formula Type: recommended Severity: moderate References: 1190940 This update for habootstrap-formula fixes the following issues: Update to version 0.4.4 - Wait for cluster startup after a 'corosync' restart. (bsc#1190940) - Add support for The Oracle Cluster File System v2 (OCFS2) - Enable native fencing for 'microsoft-azure' - Add documentation on how to enable native fencing ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3472-1 Released: Wed Oct 20 08:40:43 2021 Summary: Security update for flatpak Type: security Severity: important References: 1191507,CVE-2021-41133 This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls. (bsc#1191507) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. 
(bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3476-1 Released: Wed Oct 20 08:42:00 2021 Summary: Security update for xstream Type: security Severity: important References: 1189798,CVE-2021-39139,CVE-2021-39140,CVE-2021-39141,CVE-2021-39144,CVE-2021-39145,CVE-2021-39146,CVE-2021-39147,CVE-2021-39148,CVE-2021-39149,CVE-2021-39150,CVE-2021-39151,CVE-2021-39152,CVE-2021-39153,CVE-2021-39154 This update for xstream fixes the following issues: - Upgrade to 1.4.18 - CVE-2021-39139: Fixed an issue that allowed an attacker to achieve arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798) - CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798) - CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. 
(bsc#1189798) - CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3479-1 Released: Wed Oct 20 11:23:45 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1184970,1186260,1187115,1187470,1187774,1190845 This update for dracut fixes the following issues: - Fix usage information for -f parameter. (bsc#1187470) - Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774) - Remove references to INITRD_MODULES. (bsc#1187115) - Multipath FCoE configurations may not boot when using only one path. (bsc#1186260) - Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm. (bsc#1184970) - Systemd coredump unit files are missing in initrd. (1190845) - Use $kernel rather than $(uname -r). - Exclude modules that are built-in. - Restore INITRD_MODULES in mkinitrd script. - Call dracut_instmods with hostonly. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). 
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2021:3483-1
Released: Wed Oct 20 16:08:18 2021
Summary: Feature update for saptune
Type: feature
Severity: moderate
References: 1149205,1164720,1167213,1167416,1167618,1170672,1176243,1178207,1179275,1182009,1182287,1182289,1185702
This update for saptune fixes the following issues:
Update saptune from version 2.0.3 to version 3.0.0 (jsc#SLE-20985)
- This will be additionally reflected in the saptune version found in '/etc/sysconfig/saptune' '(SAPTUNE_VERSION)'
- Strengthen configuration process with staging, checks of external changes and expansion of automation to new platforms (Azure, AWS) and hardware specifics (jsc#SLE-20985)
- Remove saptune version 1 (jsc#SLE-10823, jsc#SLE-10842)
- Remove usage of 'tuned' from saptune
- Add an own systemd service file for saptune to 'start/stop' tuning of parameter values during a reboot of the system.
- Add a new saptune action 'service' to handle the 'saptune.service' supporting 'start/stop/enable/disable/status'.
- The saptune action 'daemon', which handled 'tuned.service' in the past, is now flagged as 'deprecated' and internally linked to the new action 'service'. (jsc#SLE-5589, jsc#SLE-5588, jsc#SLE-6457)
- Add a sanity check to detect Note definition files which do not exist anymore. (bsc#1149205)
  This can happen when a Note is renamed or deleted, but without reverting the Note before. saptune will now print an error message, remove the Note from the tracking variables in '/etc/sysconfig/saptune' and try to revert the related parameter settings.
- Validate if the json input file is empty and handle left-over files from the migration from saptune v1 to saptune v2 (bsc#1167618)
- To support system parameters only relevant for specific SUSE Linux Enterprise Server releases, service packs and/or hardware architectures saptune now supports 'tagged' sections inside the Note definition files. (jsc#SLE-13246, jsc#SLE-13245)
- New kernel requirement for Power added to SAP-Note 2205917 and 2684254 (bsc#1167416)
  SAP Note 2205917 updated to Version 61
  SAP Note 2684254 updated to Version 15
- SAP Note 2382421 updated to Version 37 (bsc#1170672)
- Move all 'not-well-defined' parameters from the 'reminder' section into the 'sysctl' section, but with 'empty' values.
- Use an override file to define the values fitting your system requirements
- Support empty parameter values in the Note definition files and not only in the override file. (bsc#1170672, jsc#TEAM-1702)
- This is needed for the support of SAP Notes like 2382421, so that the customer is able to simply use an override file to define some special parameters instead of using a customer specific Note definition file.
- Report an 'error' instead of 'info' and set the exit code to '1', if we reject the apply of a solution (bsc#1167213)
- Skip perf bias change if secure boot is enabled. (bsc#1176243)
- When a system is in lockdown mode, i.e., Secure Boot is enabled, MSR cannot be altered in user-space. So check, if Secure Boot is enabled using the mokutil utility and skip setting the perf bias in case it is.
- Rework the internal block device handling to speed up the apply of block device related tunings on systems with a high number of block devices. (bsc#1178207)
- Change block device handling to handle multipath devices correctly. Only the DM multipath devices will be used for the settings, but not its paths.
(bsc#1179275)
- fixed wrong comparison used for setting FORCE_LATENCY (bsc#1185702)
- add keyword 'all' to the 'rpm' section description in the man page saptune-note(5). (bsc#1182287)
- support note definition versions containing digits, upper-case and lower-case letters, dots, underscores, minus and plus signs. (bsc#1182289)
- fixed issue with 'verify' operation and parameter 'VSZ_TMPFS_PERCENT'. As this parameter is only used to calculate the value of 'ShmFileSystemSizeMB' (if it is not set to a value >0 in the Note definition file) it will not be checked and compared during the saptune operation 'verify'. A footnote is pointing this out. (bsc#1182009)
- SAP Note 1771258 update nofile values (bsc#1164720)
- SAP Note 2684254 updated to Version 20
  SAP Note 2578899 updated to Version 39
  SAP Note 1680803 updated to Version 26
- enhancements for saptune version 3 (jsc#SLE-16972)
- Implement a lock to avoid multiple instances of saptune running in parallel. (jsc#TEAM-1700)
- Support for non-colorized output (jsc#TEAM-1679)
- If redirecting the output from saptune to a pipe, you no longer need to deal with the 'ugly' control sequences for the colorized output.
- Add enable/disable for systemd units and support all systemd unit types in section [service] (jsc#TEAM-1701)
- remove script '/usr/share/doc/packages/saptune/sapconf2saptune' and the associated man page (jsc#TEAM-1707)
- implement staging of Note definition file and solution definitions. (jsc#TEAM-1844)
- The idea is to freeze the saptune configuration to avoid config changes on package update when adding/removing/changing notes or solutions within the package
- support custom solutions and override files for solutions.
(jsc#TEAM-1706)
- Partners and customers will now be able to define their own solution definitions by using files in '/etc/saptune/extra' or to override the shipped solution definitions by using override files in '/etc/saptune/override'
- support for device specific configurations (jsc#TEAM-1728)
- only supported for the [block] section, tags are 'vendor' and 'model' to support special block devices of a dedicated hardware vendor or a dedicated hardware model
- add support for AZURE cloud (SAP Note 2993054) (jsc#TEAM-2676)
- add support for AWS cloud (SAP Note 1656250) (jsc#TEAM-1754, jsc#TEAM-1755)
- add NVMe support to the block device handling to support AWS (jsc#TEAM-2675)
- add SAP Note 3024346 (a NetApp note) (jsc#TEAM-3454)
- rework daemon and service actions (jsc#TEAM-3154)
- add support for 'read_ahead_kb' and 'max_sectors_kb' to the [block] section (jsc#TEAM-1699)
- add a warning to the reminder section of SAP Note 2382421 regarding iSCSI devices and setting of 'net.ipv4.tcp_syn_retries' (jsc#TEAM-1705)
- For the actions 'note customise' and 'note create' check, if the customer has changed something during the editor session. If not, remove the temporary created note definition file. (jsc#TEAM-825)
- add support for [sys] section and handle double configurations for parameters defined in the [sys] section (jsc#TEAM-3342)
- check system sysctl config files as mentioned in the comments of '/etc/sysctl.conf' and in man page 'sysctl.conf(5)' for 'sysctl' parameters currently set by saptune notes. Print a warning and a footnote for 'verify' and 'customize'. (jsc#TEAM-1696)
- add support for [filesystem] section only check filesystem mount options, not modify. Starting with filesystem type 'xfs' (jsc#TEAM-4093)
- add SAP Note 900929 for SAP Netweaver workloads. (jsc#TEAM-4386)
- It's the equivalent to the HANA Note 1980196.
- move state files from '/var/lib/saptune' to '/run/saptune' to solve the problem of state files surviving a reboot.
- add '/sbin/saptune_check'
- add the description of the solution definitions shipped with saptune to the man page saptune(8) (jsc#TEAM-4260)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3485-1
Released: Wed Oct 20 16:17:53 2021
Summary: Security update for squid
Type: security
Severity: moderate
References: 1189403,CVE-2021-28116
This update for squid fixes the following issues:
Update to version 4.17:
- CVE-2021-28116: Fixed an out-of-bounds read in the WCCP protocol (bsc#1189403).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3487-1
Released: Wed Oct 20 16:18:28 2021
Summary: Security update for go1.16
Type: security
Severity: moderate
References: 1182345,1191468,CVE-2021-38297
This update for go1.16 fixes the following issues:
Update to go1.16.9
- CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3488-1
Released: Wed Oct 20 16:18:39 2021
Summary: Security update for go1.17
Type: security
Severity: moderate
References: 1190649,1191468,CVE-2021-38297
This update for go1.17 fixes the following issues:
Update to go1.17.2
- CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3489-1
Released: Wed Oct 20 16:19:28 2021
Summary: Security update for python
Type: security
Severity: moderate
References: 1189241,1189287,CVE-2021-3733,CVE-2021-3737
This update for python fixes the following issues:
- CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request.
(bsc#1189287)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3493-1
Released: Wed Oct 20 16:37:44 2021
Summary: Security update for fetchmail
Type: security
Severity: moderate
References: 1190069,CVE-2021-39272
This update for fetchmail fixes the following issues:
- CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. (bsc#1190069)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3495-1
Released: Thu Oct 21 09:57:36 2021
Summary: Recommended update for yast2-add-on
Type: recommended
Severity: moderate
References: 1189154
This update for yast2-add-on fixes the following issue:
- Don't crash Auto client when importing from an empty add-on section.
(bsc#1189154)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3496-1
Released: Thu Oct 21 09:57:47 2021
Summary: Recommended update for bash-completion
Type: recommended
Severity: low
References: 1190929
This update for bash-completion fixes the following issue:
- modinfo completion fails to recognize .ko.xz (bsc#1190929)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3498-1
Released: Thu Oct 21 09:58:06 2021
Summary: Recommended update for texlive-specs-i
Type: recommended
Severity: low
References: 1190640
This update for texlive-specs-i fixes the following issue:
- Fix 'undefined control sequence' error when using with XeLaTeX (bsc#1190640)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3500-1
Released: Fri Oct 22 09:42:21 2021
Summary: Recommended update for open-vm-tools
Type: recommended
Severity: moderate
References: 1190987
This update for open-vm-tools fixes the following issues:
- New/Updated features:
  * Added a configurable logging capability to the network script
  * The hgfsmounter (mount.vmhgfs) command has been removed from open-vm-tools. It has been replaced by hgfs-fuse.
- Resolved issues:
  * Customization: Retry the Linux reboot if telinit is a soft link to systemctl
  * open-vm-tools commands would hang if configured with '--enable-valgrind'
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released: Fri Oct 22 10:42:46 2021
Summary: Recommended update for libzypp, zypper, libsolv, protobuf
Type: recommended
Severity: moderate
References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:
- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads.
(jsc#ECO-2911, jsc#SLE-16862)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3506-1
Released: Mon Oct 25 10:20:22 2021
Summary: Security update for containerd, docker, runc
Type: security
Severity: important
References: 1102408,1185405,1187704,1188282,1190826,1191015,1191121,1191334,1191355,1191434,CVE-2021-30465,CVE-2021-32760,CVE-2021-41089,CVE-2021-41091,CVE-2021-41092,CVE-2021-41103
This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.9-ce. (bsc#1191355)
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
containerd was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355
- CVE-2021-32760: Fixed that an archive package allows chmod of file outside of unpack target directory (bsc#1188282)
- Install systemd service file as well (bsc#1190826)
Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that have action equal to the default one). Such redundant rules are now skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working.
Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704
Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405)
Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released: Tue Oct 26 09:47:40 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:
Update to version 15.3.13:
- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems.
(bsc#1191260)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3512-1
Released: Tue Oct 26 13:33:17 2021
Summary: Recommended update for MozillaFirefox
Type: recommended
Severity: moderate
References: 1190141,1191815
This update for MozillaFirefox fixes the following issues:
- Allow accessing /proc/sys/crypto/fips_enabled from within the newly introduced socket process sandbox. (bsc#1191815, bsc#1190141)
- Add a way to let users overwrite MOZ_ENABLE_WAYLAND
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3516-1
Released: Tue Oct 26 14:42:44 2021
Summary: Recommended update for azure-cli, azure-cli-core, python-azure-mgmt, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse
Type: recommended
Severity: important
References: 1187880,1188178
This update for azure-cli, azure-cli-core, python-azure-mgmt, python-azure-mgmt-billing, python-azure-mgmt-cdn, python-azure-mgmt-hdinsight, python-azure-mgmt-netapp, python-azure-mgmt-resource, python-azure-mgmt-synapse contains the following fixes:
Changes in python-azure-mgmt:
- Remove all version constraints in Requires.
(bsc#1187880, bsc#1188178)
Changes in azure-cli-core:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the HISTORY.rst file provided with this package
- Refresh patches for new version
- Update Requires from setup.py
  + Temporarily use a vendored copy of azure-mgmt-resource
- New upstream release
  + Version 2.15.0
  + For detailed information about changes see the HISTORY.rst file provided with this package
- Update Requires from setup.py
Changes in azure-cli:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- Add missing python3-azure-mgmt-resource dependency to Requires
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the HISTORY.rst file provided with this package
- Update Requires from setup.py
- New upstream release
  + Version 2.15.0
  + For detailed information about changes see the HISTORY.rst file provided with this package
- Update Requires from setup.py
Changes in python-azure-mgmt-billing:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 1.0.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
- Update Requires from setup.py
Changes in python-azure-mgmt-cdn:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 5.2.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
Changes in python-azure-mgmt-hdinsight:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 2.0.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
Changes in python-azure-mgmt-netapp:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 0.14.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
Changes in python-azure-mgmt-resource:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 15.0.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
- Update Requires from setup.py
Changes in python-azure-mgmt-synapse:
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 0.5.0
  + For detailed information about changes see the CHANGELOG.md file provided with this package
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3521-1
Released: Tue Oct 26 15:38:44 2021
Summary: Security update for ffmpeg
Type: security
Severity: moderate
References: 1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735,CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094
This update for ffmpeg fixes the following issues:
- CVE-2021-3566: Fixed information leak (bsc#1189166).
- CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734)
- CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733)
- CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735)
- CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756)
- CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852)
- CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719)
- CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718)
- CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722)
- CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723)
- CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726)
- CVE-2020-20902: Fixed an out-of-bounds read vulnerability in long_term_filter() (bsc#1190729)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3522-1
Released: Tue Oct 26 15:39:29 2021
Summary: Security update for apache2
Type: security
Severity: important
References: 1190666,1190669,1190702,1190703,CVE-2021-34798,CVE-2021-36160,CVE-2021-39275,CVE-2021-40438
This update for apache2 fixes the following issues:
- CVE-2021-40438: Fixed an SSRF via a crafted request uri-path. (bsc#1190703)
- CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. (bsc#1190702)
- CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666)
- CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3527-1
Released: Tue Oct 26 17:03:06 2021
Summary: Security update for wireguard-tools
Type: security
Severity: moderate
References: 1191224
This update for wireguard-tools fixes the following issues:
- Removed world-readable permissions from /etc/wireguard (bsc#1191224)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3530-1
Released: Wed Oct 27 09:24:29 2021
Summary: Security update for dnsmasq
Type: security
Severity: moderate
References: 1173646,1180914,1183709,CVE-2020-14312,CVE-2021-3448
This update for dnsmasq fixes the following issues:
Update to version 2.86
- CVE-2021-3448: fixed outgoing port used when --server is used with an interface name.
(bsc#1183709)
- CVE-2020-14312: Set --local-service by default (bsc#1173646).
- Open inotify socket only when used (bsc#1180914).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3531-1
Released: Wed Oct 27 10:07:33 2021
Summary: Security update for busybox
Type: security
Severity: important
References: 1099260,1099263,1121426,1184522,951562,CVE-2011-5325,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2021-28831
This update for busybox fixes the following issues:
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data() (bsc#1099260).
- CVE-2011-5325: Fixed a directory traversal related to 'tar' command (bsc#951562).
- CVE-2018-1000500: Fixed missing SSL certificate validation related to the 'wget' command (bsc#1099263).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3532-1
Released: Wed Oct 27 10:11:20 2021
Summary: Recommended update for pmdk
Type: recommended
Severity: important
References: 1191339
This update for pmdk fixes the following issues:
- Fixed an issue when 'PMDK' causes data corruption on power failure. (bsc#1191339)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3534-1
Released: Wed Oct 27 10:40:02 2021
Summary: Recommended update for pacemaker
Type: recommended
Severity: moderate
References: 1190821
This update for pacemaker fixes the following issues:
- Drop unformatted log message about log permissions.
(bsc#1190821)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3536-1
Released: Wed Oct 27 10:40:13 2021
Summary: Recommended update for yast2-storage-ng
Type: recommended
Severity: low
References: 1187270,1191109,1191347
This update for yast2-storage-ng fixes the following issues:
- Fix desktop file so the control center tooltip is translated. (bsc#1187270)
- Recommend to install libyui-qt-graph package in order to offer the View/Device Graphs menu option. (bsc#1191109)
- Fix (un)masking systemd units by using the systemctl --plain flag. (bsc#1191347).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released: Wed Oct 27 10:40:32 2021
Summary: Recommended update for iproute2
Type: recommended
Severity: moderate
References: 1160242
This update for iproute2 fixes the following issues:
- Follow-up fixes backported from upstream. (bsc#1160242)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3542-1
Released: Wed Oct 27 11:44:39 2021
Summary: Recommended update for openscap
Type: recommended
Severity: moderate
References: 1186735
This update for openscap fixes the following issues:
- Since upstream has moved to Python 3, switch the BuildRequires from 'python-devel' to 'python3-devel'.
- Add definitions for SUSE Linux Enterprise Server, SUSE Linux Enterprise Desktop, openSUSE Tumbleweed, openSUSE Leap and Fedora to the CPE dictionary. (bsc#1186735)
- Add updated definitions for openSUSE Tumbleweed, openSUSE Leap and Wind River Linux using the Open Vulnerability and Assessment Language.
(bsc#1186735)
- openscap 1.3.5
- New features
- Made 'schematron-based' validation enabled by default for validate command of 'oval' and 'xccdf' modules
- Added SCAP 1.3 source data stream Schematron
- Added XML Signature Validation
- Added '--enforce-signature' option for eval, guide, and fix modules
- Added entity support (OVAL/yamlfilecontent)
- Allowed to clamp mtime to SOURCE_DATE_EPOCH
- Added severity and role attributes
- Added support for requires/conflicts elements of the Rule and Group (XCCDF)
- Added Kubernetes remediation to HTML report
- Maintenance, bug fix
- Fixed CMake warnings
- Made 'gpfs', 'proc' and 'sysfs' filesystems non-local
- Fixed handling of '--arg=val'-styled common options
- Documented used environment variables
- Updated man page and help texts
- Added '--skip-validation' option synonym for '--skip-valid'
- Fixed behavior of StateType operator
- Fixed coverity warnings
- Ignoring namespace in XPath expressions
- Fixed how 'oval_probe_ext_eval' checks absence of the response from the probe (obtrusive data warning)
- Described SWID tags detection
- Improved documentation about '--stig-viewer' option
- File probe behaviour fixed (symlink traversal now behaves as defined by OVAL)
- Fixed multiple segfaults and broken test in '--stig-viewer' feature
- Added dpkg version comparison algorithm
- Fixed 'TestResult/benchmark/@href' attribute
- Fixed memory allocation
- Fixed field names for cases where key selection section is followed by a set section (probes/yamlfilecontent)
- Changing hard coded libperl path in favor of FindPerlLibs method
- Check local filesystems when using 'filepath' element
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3543-1
Released: Wed Oct 27 13:12:40 2021
Summary: Recommended update for system-role-common-criteria
Type: recommended
Severity: moderate
References:
This update for system-role-common-criteria ships it to the Server Applications Module.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3545-1
Released: Wed Oct 27 14:46:39 2021
Summary: Recommended update for less
Type: recommended
Severity: low
References: 1190552

This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3551-1
Released: Wed Oct 27 15:27:49 2021
Summary: Recommended update for SUSE Manager 4.2.3 Release Notes
Type: recommended
Severity: low
References: 1171520,1181223,1187572,1187998,1188315,1188977,1189260,1189422,1189609,1189799,1189818,1189933,1190040,1190123,1190151,1190164,1190166,1190265,1190275,1190276,1190300,1190396,1190405,1190455,1190512,1190602,1190751,1190820,1191123,1191139,1191348,1191551,CVE-2021-21996,CVE-2021-40348

This update for SUSE Manager 4.2.3 Release Notes provides the following additions:

Release notes for SUSE Manager:

- Update to 4.2.3
  - aarch64 support for CentOS 7/8, Oracle Linux 7/8, Rocky Linux 8, AlmaLinux 8, Amazon Linux 2 and openSUSE Leap 15.3
  - Package Locking feature is now available for Salt Minions
  - New XMLRPC API methods for SaltKey
  - Bugs mentioned: bsc#1171520, bsc#1181223, bsc#1187572, bsc#1187998, bsc#1188315, bsc#1188977, bsc#1189260, bsc#1189422, bsc#1189609, bsc#1189799, bsc#1189818, bsc#1189933, bsc#1190040, bsc#1190123, bsc#1190151, bsc#1190164, bsc#1190166, bsc#1190265, bsc#1190275, bsc#1190276, bsc#1190300, bsc#1190396, bsc#1190405, bsc#1190455, bsc#1190512, bsc#1190602, bsc#1190751, bsc#1190820, bsc#1191123, bsc#1191139, bsc#1191348, bsc#1191551, CVE-2021-40348, CVE-2021-21996

Release notes for SUSE Manager proxy:

- Update to 4.2.3
  - Bugs mentioned: bsc#1171520, bsc#1181223, bsc#1187998, bsc#1188315, bsc#1188977, bsc#1190405, bsc#1190512, bsc#1190602, bsc#1190751, bsc#1190820, bsc#1191348
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3557-1
Released: Wed Oct 27 15:29:15 2021
Summary: Security update for salt
Type: security
Severity: moderate
References: 1190265,CVE-2021-21996

This update for salt fixes the following issues:

- CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3564-1
Released: Wed Oct 27 16:12:08 2021
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1190850

This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3568-1
Released: Thu Oct 28 09:27:52 2021
Summary: Recommended update for crmsh
Type: recommended
Severity: moderate
References: 1191508

This update for crmsh fixes the following issues:

- Update to parse lifetime option correctly in ui_resource (bsc#1191508)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3569-1
Released: Thu Oct 28 09:28:43 2021
Summary: Recommended update for orarun
Type: recommended
Severity: moderate
References: 1191350

This update for orarun fixes the following issues:

- Fixed warning messages, changed $ORACLE_HOME to $ORACLE_BASE/product/21c in oracle.sh (bsc#1191350)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3570-1
Released: Thu Oct 28 09:30:54 2021
Summary: Recommended update for yast2-installation
Type: recommended
Severity: moderate
References: 1191160

This update for yast2-installation fixes the following issues:

- Fix file copying when using relurl:// and file:// naming schemes (bsc#1191160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3571-1
Released: Thu Oct 28 09:32:19 2021
Summary: Recommended update for postfix
Type: recommended
Severity: moderate
References: 1190945

This update for postfix fixes the following issues:

- Adapt config.postfix to filter out lmdb files from the alias maps (bsc#1190945)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3573-1
Released: Thu Oct 28 09:36:05 2021
Summary: Recommended update for yast2-theme
Type: recommended
Severity: moderate
References: 1176164,1191830

This update for yast2-theme fixes the following issues:

- Remove unnecessary rej file and add icon for Budgie pattern (bsc#1191830, bsc#1176164)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3574-1
Released: Thu Oct 28 12:50:07 2021
Summary: Recommended update for rpmlint
Type: recommended
Severity: moderate
References: 1190790,1191821

This update for rpmlint fixes the following issues:

- whitelisting of systemd-od (bsc#1191821) and pam_u2f (bsc#1190790 jsc#SLE-21888)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3578-1
Released: Fri Oct 29 11:36:22 2021
Summary: Recommended update for migrate-sles-to-sles4sap
Type: recommended
Severity: moderate
References: 1189481

This update for migrate-sles-to-sles4sap fixes the following issues:

- migrate-sles-to-sles4sap package has dependency perl-XML-Twig that is not installed. (bsc#1189481)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3579-1
Released: Fri Oct 29 14:56:48 2021
Summary: Recommended update for cloud-regionsrv-client
Type: recommended
Severity: moderate
References: 1182026,1189362

This update for cloud-regionsrv-client fixes the following issues:

- Avoid race condition with ca-certificates. (bsc#1189362)
  + Make the service run after ca-certificates is done
  + Attempt multiple times to update the trust chain
- New package to enable/disable access due to AHB.
(bsc#1182026, jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3581-1
Released: Fri Oct 29 16:09:23 2021
Summary: Recommended update for SUSEConnect
Type: recommended
Severity: important
References:

This update for SUSEConnect contains the following fix:

- Update to 0.3.32:
  - Allow --regcode and --instance-data attributes at the same time. (jsc#PCT-164)
  - Document that 'debug' can also get set in the config file
  - --status will also print the subscription name
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3584-1
Released: Fri Oct 29 16:27:43 2021
Summary: Security update for transfig
Type: security
Severity: important
References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019,CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280

This update for transfig fixes the following issues:

Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)

- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3587-1
Released: Fri Oct 29 19:30:13 2021
Summary: Recommended update for yast2-country
Type: recommended
Severity: moderate
References: 1187857,1189461

This update for yast2-country fixes the following issues:

- Move the keyboards database to lib/ to make the module compatible with the self-update mechanism. (bsc#1189461)
- Use official China timezone Asia/Shanghai. (bsc#1187857)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3590-1
Released: Tue Nov 2 06:24:39 2021
Summary: Recommended update for libyui
Type: recommended
Severity: moderate
References: 1191130

This update for libyui fixes the following issues:

- Fixed crash in NCurses online update when retracted packages are present (bsc#1191130)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3591-1
Released: Tue Nov 2 06:26:33 2021
Summary: Recommended update for man-pages
Type: recommended
Severity: moderate
References: 1185534

This update for man-pages fixes the following issues:

- Added missing manual entry for kernel_lockdown in section 7 (bsc#1185534)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3596-1
Released: Wed Nov 3 08:32:54 2021
Summary: Recommended update for libyui-ncurses-pkg
Type: recommended
Severity: moderate
References: 1191130

This update for libyui-ncurses-pkg fixes the following issues:

- Fixed crash in NCurses online update when retracted packages are present (bsc#1191130)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3599-1
Released: Wed Nov 3 10:29:54 2021
Summary: Recommended update for postgresql, postgresql13, postgresql14
Type: recommended
Severity: moderate
References:

This update for postgresql, postgresql13,
postgresql14 fixes the following issues:

This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676)

Feature changes in postgresql14:

- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html

Changes in postgresql13:

- Stop building the mini and lib packages as they are now coming from postgresql14.

Changes in postgresql:

- Bump version to 14, leave default at 12.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3600-1
Released: Wed Nov 3 10:31:11 2021
Summary: Recommended update for postgresql
Type: recommended
Severity: moderate
References:

This update for postgresql fixes the following issues:

- Bump version to 14, leave default at 13.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3603-1
Released: Wed Nov 3 14:58:13 2021
Summary: Security update for webkit2gtk3
Type: security
Severity: important
References: 1191937,CVE-2021-42762

This update for webkit2gtk3 fixes the following issues:

- CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3605-1
Released: Wed Nov 3 14:59:32 2021
Summary: Security update for qemu
Type: security
Severity: important
References: 1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3606-1
Released: Wed Nov 3 15:12:47 2021
Summary: Recommended update for release-notes-sles
Type: recommended
Severity: moderate
References: 1183906,1186099,1188302,1189989,1190394,933411

This update for release-notes-sles fixes the following issues:

- 15.3.20211025 (tracked in bsc#933411)
  - Added note about NVMe-oF TCP support (bsc#1190394)
  - Added note about manual pages (bsc#1188302)
  - Added keepalived to support exceptions (bsc#1183906)
  - Updated note about support information (bsc#1189989)
  - Updated SELinux note to include warning (bsc#1186099)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3609-1
Released: Wed Nov 3 16:41:33 2021
Summary: Recommended update for autoyast2
Type: recommended
Severity: low
References: 1191968

This update for autoyast2 fixes the following issues:

- Add the 'keep_unknown_lv' element to the partitioning schema.
(bsc#1191968)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released: Thu Nov 4 12:29:16 2021
Summary: Security update for binutils
Type: security
Severity: moderate
References: 1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487

This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now require a C99 compiler and library to build.
* Support for Realm Management Extension (RME) for AArch64 has been added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections.
* A new linker option '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
* A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup sections.
* Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed.

  If other debug section display options are also enabled (e.g. '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files.

  If however non-debug section display options are enabled (e.g. '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow display options to be applied to both the main file and any separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses the 'no symbols' diagnostic.
Update to binutils 2.36:

New features in the Assembler:

- General:
  * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can expand and shrink automatically.
- X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
- ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature.
  * Add support for +pauth (Pointer Authentication) feature for -march in AArch64.

New features in the Linker:

* Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output.
* The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs.

New features in other binary tools:

* The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time.
* Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option.
* Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=