SUSE Image Update Advisory: SUSE ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2000:27-1 Image Tags : SUSE:SLE-15-SP4:3 Image Release : Severity : critical Type : security References : 1020320 1027519 1027519 1034995 1040855 1043347 1043990 1044120 1044767 1047233 1050257 1055014 1055117 1055117 1055186 1058115 1061843 1064976 1064978 1065600 1065729 1065729 1065729 1065729 1065729 1065729 1065729 1065729 1065729 1065729 1066382 1068871 1069169 1069412 1071995 1071995 1071995 1077428 1085030 1087082 1094244 1094840 1095070 1099260 1099263 1102912 1109695 1110282 1111657 1113295 1115431 1116432 1119559 1119560 1119562 1120163 1121426 1121428 1122853 1129923 1133021 1133021 1134760 1136666 1138374 1139944 1140205 1140754 1142579 1142675 1142677 1142678 1142679 1144337 1144506 1148184 1148868 1149032 1149789 1152148 1152457 1152457 1152457 1152472 1152472 1152472 1152472 1152489 1152489 1152489 1152489 1152489 1152489 1153274 1153274 1153577 1154353 1154353 1154488 1154492 1154751 1154824 1155518 1155518 1155518 1155518 1155798 1156256 1156315 1156395 1156395 1156395 1156395 1156395 1156395 1157169 1158050 1158242 1158265 1158430 1158748 1158765 1158775 1158983 1159058 1159280 1159781 1159867 1159886 1160388 1160634 1160634 1160947 1161099 1161495 1162002 1162063 1162209 1162400 1162702 1162702 1163592 1163727 1164051 1164051 1164648 1164648 1164777 1164780 1165211 1165455 1165629 1165692 1165933 1165975 1166146 1166166 1166340 1166965 1166985 1167030 1167104 1167260 1167527 1167574 1167651 1167657 1167773 1167773 1167851 1167864 1168230 1168461 1168468 1168777 1168779 1168838 1168838 1168952 1168959 1169021 1169094 1169194 1169263 1169514 1169514 1169681 1169709 1169763 1169771 1169790 1169795 1170011 1170139 1170232 1170284 1170415 1170442 1170617 1170621 1170774 1170879 1170891 1170895 1171000 1171068 1171073 1171078 1171117 1171150 1171156 1171189 1171191 1171218 1171219 1171220 1171236 1171242 1171246 1171285 1171293 1171295 1171374 1171390 1171391 1171392 1171417 1171426 1171507 1171513 1171514 1171529 1171530 1171558 1171634 1171644 1171662 1171675 1171688 1171699 1171709 1171730 1171732 1171736 1171739 1171742 1171743 1171759 1171773 1171774 1171775 1171776 1171777 1171778 1171779 1171780 1171781 1171782 1171783 1171784 1171785 1171786 1171787 1171788 1171789 1171790 1171791 1171792 1171793 1171794 1171795 1171796 1171797 1171798 1171799 1171810 1171827 1171828 1171832 1171833 1171834 1171835 1171839 1171840 1171841 1171842 1171843 1171844 1171849 1171857 1171868 1171904 1171915 1171982 1171983 1171988 1172017 1172046 1172061 1172062 1172063 1172064 1172065 1172066 1172067 1172068 1172069 1172073 1172086 1172095 1172108 1172110 1172145 1172169 1172170 1172197 1172201 1172208 1172223 1172247 1172317 1172342 1172343 1172344 1172365 1172366 1172374 1172391 1172393 1172394 1172418 1172419 1172445 1172453 1172458 1172467 1172484 1172537 1172543 1172687 1172719 1172733 1172739 1172751 1172757 1172759 1172775 1172781 1172782 1172783 1172814 1172823 1172841 1172871 1172873 1172938 1172939 1172940 1172956 1172963 1172983 1172984 1172985 1172986 1172987 1172988 1172989 1172990 1172999 1173017 1173068 1173074 1173085 1173115 1173139 1173206 1173267 1173271 1173280 1173284 1173428 1173438 1173461 1173468 1173485 1173485 1173514 1173552 1173573 1173625 1173746 1173776 1173798 1173813 1173817 1173818 1173820 1173822 1173823 1173824 1173825 1173826 1173827 1173828 1173830 1173831 1173832 1173833 1173834 1173836 1173837 1173838 1173839 1173841 1173843 1173844 1173845 1173847 1173849 1173860 1173894 1173941 1173954 1174002 1174003 1174018 1174026 1174029 1174072 1174098 1174110 1174111 1174116 1174126 1174127 1174128 1174129 1174146 1174185 1174205 1174244 1174263 1174264 1174331 1174332 1174333 1174345 1174356 1174358 1174362 1174387 1174396 1174398 1174407 1174409 1174411 1174414 1174416 1174426 1174438 1174462 1174484 1174486 1174513 1174527 1174625 1174627 1174645 1174689 1174699 1174737 1174748 1174757 1174762 1174770 1174771 1174777 1174805 1174824 1174825 1174852 1174865 1174880 1174897 1174899 1174906 1174969 1175009 1175010 1175011 1175012 1175013 1175014 1175015 1175016 1175017 1175018 1175019 1175020 1175021 1175052 1175079 1175112 1175116 1175128 1175149 1175175 1175176 1175180 1175181 1175182 1175183 1175184 1175185 1175186 1175187 1175188 1175189 1175190 1175191 1175192 1175195 1175199 1175213 1175232 1175263 1175284 1175296 1175306 1175344 1175345 1175346 1175347 1175367 1175377 1175440 1175480 1175493 1175546 1175550 1175599 1175621 1175622 1175654 1175667 1175679 1175691 1175718 1175721 1175749 1175768 1175769 1175770 1175771 1175772 1175774 1175775 1175787 1175807 1175834 1175873 1175882 1175898 1175918 1175952 1175995 1175995 1175996 1175997 1175998 1175999 1176000 1176001 1176019 1176022 1176038 1176063 1176069 1176109 1176137 1176180 1176200 1176235 1176236 1176237 1176242 1176354 1176357 1176358 1176359 1176360 1176361 1176362 1176363 1176364 1176365 1176366 1176367 1176381 1176396 1176400 1176423 1176427 1176449 1176481 1176485 1176486 1176507 1176536 1176537 1176538 1176539 1176540 1176541 1176542 1176543 1176544 1176545 1176546 1176548 1176558 1176559 1176564 1176564 1176586 1176587 1176588 1176659 1176698 1176699 1176700 1176713 1176721 1176722 1176725 1176732 1176763 1176775 1176788 1176789 1176833 1176855 1176869 1176877 1176907 1176925 1176942 1176956 1176962 1176979 1176980 1176983 1176990 1177021 1177030 1177066 1177070 1177086 1177090 1177109 1177121 1177193 1177194 1177206 1177258 1177271 1177281 1177283 1177284 1177285 1177286 1177297 1177326 1177326 1177353 1177384 1177397 1177410 1177411 1177460 1177460 1177470 1177500 1177511 1177617 1177666 1177666 1177679 1177681 1177683 1177687 1177694 1177697 1177698 1177703 1177719 1177724 1177725 1177726 1177733 1177739 1177749 1177750 1177754 1177755 1177765 1177766 1177799 1177801 1177814 1177817 1177820 1177854 1177855 1177856 1177861 1178002 1178049 1178079 1178089 1178123 1178163 1178166 1178173 1178175 1178176 1178177 1178181 1178182 1178183 1178184 1178185 1178186 1178190 1178191 1178203 1178227 1178246 1178249 1178255 1178270 1178286 1178307 1178330 1178330 1178393 1178395 1178401 1178418 1178426 1178461 1178579 1178581 1178584 1178585 1178589 1178590 1178612 1178612 1178634 1178635 1178653 1178659 1178660 1178661 1178669 1178676 1178686 1178740 1178755 1178756 1178762 1178780 1178838 1178853 1178886 1179001 1179012 1179014 1179015 1179045 1179076 1179082 1179107 1179140 1179141 1179160 1179201 1179204 1179211 1179217 1179243 1179419 1179424 1179425 1179426 1179427 1179429 1179432 1179434 1179435 1179442 1179454 1179465 1179519 1179550 1179575 1179578 1179584 1179601 1179604 1179639 1179652 1179656 1179670 1179671 1179672 1179673 1179675 1179676 1179677 1179678 1179679 1179680 1179681 1179682 1179683 1179684 1179685 1179687 1179688 1179689 1179690 1179703 1179704 1179707 1179709 1179710 1179711 1179712 1179713 1179714 1179715 1179716 1179745 1179763 1179821 1179827 1179851 1179851 1179887 1179888 1179892 1179896 1179960 1179963 1180027 1180029 1180031 1180043 1180044 1180046 1180052 1180056 1180086 1180117 1180197 1180258 1180261 1180349 1180506 1180541 1180559 1180566 1180846 1180915 1180966 1180980 1180995 1181161 1181383 1181400 1181419 1181507 1181640 1181674 1181862 1181961 1181961 1181961 1182011 1182077 1182378 1182485 1182552 1182574 1182591 1182595 1182613 1182712 1182713 1182715 1182716 1182717 1182770 1182989 1182999 1183015 1183018 1183022 1183023 1183048 1183063 1183203 1183252 1183277 1183278 1183279 1183280 1183281 1183282 1183283 1183284 1183285 1183286 1183287 1183288 1183289 1183346 1183366 1183369 1183386 1183405 1183412 1183416 1183427 1183428 1183445 1183447 1183501 1183509 1183530 1183534 1183540 1183593 1183596 1183598 1183637 1183646 1183662 1183686 1183692 1183696 1183750 1183757 1183775 1183843 1183859 1183868 1183871 1183873 1183932 1183947 1184074 1184081 1184082 1184120 1184124 1184167 1184168 1184170 1184176 1184192 1184193 1184194 1184196 1184198 1184208 1184209 1184211 1184217 1184218 1184219 1184220 1184224 1184350 1184350 1184388 1184391 1184393 1184436 1184485 1184509 1184511 1184512 1184514 1184514 1184522 1184583 1184585 1184611 1184647 1184650 1184689 1184724 1184728 1184730 1184731 1184736 1184737 1184738 1184740 1184741 1184742 1184760 1184811 1184855 1184893 1184934 1184942 1184957 1184969 1184984 1185002 1185041 1185113 1185182 1185218 1185229 1185233 1185244 1185269 1185365 1185428 1185447 1185454 1185472 1185491 1185497 1185549 1185586 1185587 1185589 1185597 1185606 1185643 1185645 1185677 1185680 1185696 1185703 1185712 1185725 1185758 1185859 1185861 1185861 1185861 1185863 1185863 1185863 1185898 1185899 1185911 1185913 1185938 1185987 1185988 1186053 1186056 1186061 1186192 1186231 1186285 1186320 1186399 1186439 1186441 1186449 1186449 1186460 1186498 1186501 1186573 1186787 1186827 1186870 1187428 1187428 1187655 1187767 1188086 1188238 1188238 1188374 1188571 1188605 1188605 1188607 1188645 1188733 1188882 1189297 1189297 1189332 1189333 1189334 1189335 1189337 1189338 1189520 1189560 1189602 1189602 1190223 1190256 1190256 1190736 1190787 1190969 1190969 1191055 1191084 1191256 1191256 1191259 1191259 1191410 1191473 1191546 1191546 1191546 1191833 1191880 1192252 1192383 1192426 1192427 1192439 1192478 1192508 1192648 1192763 1192868 1192868 1192869 1192963 1192963 1193009 1193166 1193273 1193492 1193566 1193629 1193629 1193629 1193629 1193629 1193629 1193686 1193742 1193742 1193923 1193929 1194038 1194119 1194530 1194783 1194869 1194869 1194869 1194869 1194869 1194869 1195149 1195175 1195175 1195387 1195391 1195437 1195438 1195655 1195655 1195773 1195805 1195924 1195925 1195979 1196018 1196018 1196058 1196058 1196076 1196087 1196205 1196328 1196632 1196632 1196673 1196673 1196709 1196726 1196918 1196959 1196959 1197084 1197239 1197284 1197428 1197592 1197599 1197672 1197770 1197773 1197776 1197998 1198127 1198165 1198237 1198408 1198409 1198625 1198647 1198715 1198780 1198894 1198897 1198980 1198980 1198980 1199062 1199074 1199258 1199282 1199294 1199294 1199467 1199701 1199701 1199722 1199744 1199746 1199782 1199790 1199808 1199810 1199856 1199868 1199895 1199904 1199904 1199944 1200016 1200022 1200058 1200058 1200058 1200089 1200102 1200107 1200129 1200169 1200285 1200296 1200316 1200330 1200441 1200441 1200485 1200505 1200505 1200567 1200567 1200581 1200657 1200692 1200692 1200723 1200788 1200788 1200791 1200801 1200803 1200901 1200969 1200994 1201053 1201064 1201068 1201068 1201103 1201207 1201235 1201266 1201298 1201298 1201298 1201370 1201401 1201435 1201476 1201490 1201492 1201493 1201495 1201496 1201501 1201535 1201539 1201590 1201606 1201607 1201627 1201634 1201634 1201684 1201685 1201688 1201689 1201689 1201692 1201693 1201694 1201700 1201701 1201701 1201702 1201704 1201706 1201707 1201708 1201709 1201717 1201785 1201788 1201893 1201933 1201959 1201962 1202007 1202008 1202014 1202021 1202085 1202087 1202087 1202093 1202115 1202150 1202187 1202187 1202217 1202269 1202324 1202337 1202341 1202341 1202344 1202364 1202365 1202417 1202427 1202436 1202436 1202465 1202479 1202559 1202585 1202608 1202627 1202630 1202655 1202684 1202685 1202686 1202686 1202692 1202700 1202700 1202750 1202785 1202809 1202812 1202816 1202821 1202870 1202870 1202914 1202914 1202933 1202937 1202945 1202962 1202966 1202967 1202969 1202974 1202979 1203024 1203092 1203098 1203098 1203110 1203125 1203147 1203152 1203155 1203163 1203164 1203181 1203183 1203183 1203194 1203204 1203216 1203219 1203219 1203229 1203229 1203246 1203256 1203259 1203267 1203272 1203273 1203274 1203283 1203283 1203290 1203290 1203316 1203341 1203344 1203367 1203367 1203368 1203382 1203391 1203408 1203435 1203435 1203451 1203453 1203459 1203461 1203476 1203476 1203478 1203482 1203508 1203509 1203511 1203514 1203514 1203527 1203528 1203532 1203532 1203556 1203580 1203588 1203596 1203597 1203599 1203599 1203600 1203602 1203606 1203606 1203606 1203606 1203611 1203613 1203613 1203613 1203633 1203652 1203652 1203681 1203685 1203685 1203698 1203699 1203699 1203699 1203701 1203740 1203740 1203742 1203743 1203743 1203743 1203743 1203749 1203767 1203767 1203770 1203781 1203796 1203797 1203799 1203802 1203802 1203806 1203807 1203818 1203820 1203826 1203829 1203829 1203834 1203866 1203867 1203870 1203884 1203886 1203894 1203896 1203922 1203922 1203924 1203957 1203960 1203973 1203973 1203976 1203979 1203988 1203989 1204000 1204008 1204017 1204017 1204029 1204032 1204051 1204059 1204060 1204061 1204063 1204063 1204066 1204068 1204091 1204124 1204125 1204126 1204142 1204142 1204145 1204166 1204166 1204167 1204167 1204167 1204167 1204167 1204168 1204168 1204170 1204170 1204170 1204171 1204171 1204179 1204180 1204186 1204195 1204211 1204228 1204235 1204241 1204241 1204254 1204256 1204257 1204258 1204270 1204272 1204276 1204285 1204289 1204289 1204289 1204289 1204294 1204319 1204330 1204353 1204353 1204354 1204354 1204355 1204355 1204356 1204356 1204364 1204369 1204370 1204381 1204391 1204399 1204402 1204402 1204405 1204412 1204413 1204413 1204414 1204415 1204415 1204416 1204417 1204417 1204421 1204422 1204423 1204424 1204424 1204424 1204424 1204424 1204425 1204426 1204428 1204428 1204431 1204431 1204437 1204439 1204439 1204440 1204444 1204448 1204451 1204455 1204456 1204468 1204468 1204468 1204470 1204470 1204471 1204471 1204471 1204472 1204472 1204472 1204472 1204473 1204473 1204473 1204473 1204475 1204475 1204475 1204475 1204479 1204479 1204480 1204480 1204480 1204482 1204483 1204485 1204486 1204487 1204488 1204489 1204490 1204493 1204494 1204496 1204498 1204498 1204502 1204517 1204519 1204523 1204526 1204527 1204530 1204533 1204533 1204541 1204556 1204559 1204569 1204569 1204574 1204574 1204575 1204575 1204576 1204576 1204576 1204576 1204576 1204577 1204577 1204577 1204581 1204585 1204614 1204614 1204619 1204619 1204624 1204624 1204631 1204631 1204633 1204635 1204635 1204636 1204636 1204637 1204637 1204641 1204642 1204643 1204644 1204645 1204646 1204646 1204647 1204647 1204649 1204650 1204650 1204651 1204652 1204652 1204653 1204653 1204662 1204662 1204670 1204685 1204693 1204693 1204693 1204693 1204696 1204699 1204703 1204705 1204705 1204706 1204708 1204712 1204715 1204719 1204719 1204720 1204728 1204728 1204729 1204729 1204743 1204748 1204753 1204753 1204760 1204760 1204769 1204779 1204779 1204780 1204781 1204782 1204788 1204810 1204810 1204821 1204822 1204835 1204844 1204845 1204850 1204850 1204867 1204868 1204868 1204879 1204886 1204907 1204911 1204911 1204926 1204926 1204929 1204932 1204933 1204933 1204934 1204934 1204939 1204941 1204941 1204944 1204947 1204947 1204957 1204957 1204962 1204963 1204963 1204968 1204970 1204970 1204975 1204979 1204979 1204986 1204989 1204989 1205000 1205000 1205007 1205007 1205012 1205019 1205033 1205040 1205089 1205089 1205100 1205100 1205111 1205111 1205113 1205116 1205119 1205120 1205121 1205122 1205123 1205124 1205125 1205126 1205126 1205128 1205128 1205130 1205130 1205130 1205130 1205130 1205130 1205130 1205130 1205132 1205146 1205148 1205149 1205149 1205150 1205153 1205153 1205156 1205175 1205178 1205182 1205186 1205186 1205186 1205186 1205186 1205186 1205207 1205209 1205212 1205220 1205220 1205244 1205253 1205255 1205257 1205257 1205263 1205263 1205264 1205266 1205267 1205270 1205270 1205272 1205275 1205279 1205281 1205282 1205284 1205300 1205300 1205302 1205302 1205305 1205318 1205323 1205331 1205331 1205332 1205339 1205350 1205377 1205385 1205386 1205388 1205392 1205418 1205422 1205427 1205428 1205428 1205446 1205470 1205473 1205473 1205484 1205485 1205485 1205489 1205495 1205495 1205496 1205496 1205502 1205507 1205512 1205514 1205514 1205521 1205522 1205523 1205535 1205563 1205564 1205567 1205601 1205601 1205615 1205616 1205617 1205617 1205629 1205644 1205646 1205653 1205653 1205657 1205663 1205671 1205679 1205683 1205695 1205695 1205700 1205705 1205709 1205711 1205727 1205735 1205744 1205744 1205749 1205754 1205764 1205764 1205782 1205796 1205796 1205797 1205815 1205815 1205815 1205815 1205815 1205815 1205822 1205873 1205874 1205874 1205874 1205875 1205875 1205875 1205876 1205876 1205876 1205877 1205877 1205877 1205878 1205878 1205878 1205879 1205879 1205879 1205882 1205882 1205890 1205916 1205916 1205917 1205918 1205919 1205941 1205943 1205968 1205974 1205976 1205990 1205993 1205993 1206006 1206006 1206017 1206017 1206017 1206028 1206035 1206035 1206036 1206036 1206036 1206036 1206037 1206037 1206044 1206045 1206046 1206046 1206047 1206047 1206048 1206049 1206050 1206051 1206051 1206055 1206056 1206056 1206056 1206056 1206057 1206057 1206057 1206057 1206065 1206071 1206072 1206073 1206073 1206075 1206077 1206082 1206098 1206098 1206101 1206101 1206113 1206113 1206114 1206114 1206134 1206134 1206135 1206135 1206147 1206147 1206149 1206149 1206160 1206168 1206186 1206188 1206188 1206189 1206189 1206190 1206204 1206205 1206206 1206207 1206207 1206209 1206209 1206212 1206212 1206222 1206228 1206228 1206228 1206228 1206228 1206228 1206235 1206242 1206242 1206249 1206258 1206258 1206263 1206273 1206273 1206276 1206294 1206300 1206301 1206302 1206303 1206306 1206307 1206308 1206309 1206310 1206311 1206312 1206313 1206336 1206337 1206344 1206344 1206363 1206363 1206373 1206373 1206373 1206373 1206373 1206373 1206373 1206374 1206375 1206389 1206389 1206390 1206390 1206391 1206391 1206393 1206393 1206394 1206394 1206395 1206395 1206396 1206396 1206397 1206397 1206398 1206398 1206399 1206399 1206412 1206414 1206414 1206428 1206441 1206442 1206442 1206456 1206456 1206459 1206459 1206467 1206468 1206468 1206469 1206470 1206471 1206474 1206504 1206515 1206515 1206536 1206536 1206543 1206546 1206551 1206554 1206554 1206579 1206601 1206602 1206602 1206613 1206616 1206616 1206619 1206619 1206622 1206653 1206661 1206664 1206664 1206666 1206667 1206667 1206670 1206673 1206677 1206677 1206703 1206703 1206716 1206727 1206737 1206750 1206751 1206761 1206778 1206778 1206784 1206784 1206794 1206794 1206795 1206799 1206828 1206836 1206866 1206867 1206868 1206896 1206896 1206912 1206912 1206921 1206930 1206930 1206958 1206958 1207010 1207010 1207016 1207016 1207029 1207030 1207031 1207032 1207033 1207034 1207034 1207036 1207038 1207050 1207082 1207119 1207119 1207125 1207134 1207134 1207136 1207149 1207149 1207158 1207158 1207162 1207181 1207184 1207184 1207186 1207186 1207190 1207190 1207202 1207203 1207221 1207237 1207237 1207246 1207247 1207248 1207250 1207251 1207263 1207263 1207264 1207269 1207269 1207378 1207379 1207396 1207413 1207447 1207448 1207450 1207451 1207454 1207455 1207466 1207471 1207471 1207473 1207475 1207497 1207497 1207500 1207500 1207501 1207501 1207506 1207506 1207507 1207507 1207520 1207533 1207533 1207533 1207534 1207534 1207535 1207536 1207536 1207538 1207539 1207540 1207541 1207587 1207596 1207597 1207599 1207663 1207664 1207665 1207667 1207668 1207669 1207676 1207734 1207734 1207753 1207769 1207769 1207783 1207783 1207783 1207795 1207815 1207842 1207842 1207866 1207878 1207878 1207933 1207933 1207982 1207983 1207990 1207991 1207992 1207997 1208027 1208028 1208046 1208047 1208067 1208132 1208138 1208138 1208144 1208328 1208363 1208365 173030 744692 789311 876845 877776 885007 896188 914660 933411 933411 933411 933411 933411 933411 944832 951562 954532 970662 970663 971074 988954 991940 995541 CVE-2006-20001 CVE-2011-5325 CVE-2014-9645 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-1000128 CVE-2017-11591 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-11531 CVE-2018-17581 CVE-2018-20097 CVE-2018-20098 CVE-2018-20099 CVE-2018-20679 CVE-2018-20846 CVE-2018-21010 CVE-2019-1010204 CVE-2019-13108 CVE-2019-13109 CVE-2019-13110 CVE-2019-13111 CVE-2019-13390 CVE-2019-15587 CVE-2019-17402 CVE-2019-18348 CVE-2019-18814 CVE-2019-19462 CVE-2019-19769 CVE-2019-20810 CVE-2019-20812 CVE-2019-2708 CVE-2019-5747 CVE-2020-0110 CVE-2020-0305 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-0543 CVE-2020-10135 CVE-2020-10696 CVE-2020-10711 CVE-2020-10732 CVE-2020-10735 CVE-2020-10751 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-10781 CVE-2020-11668 CVE-2020-12351 CVE-2020-12352 CVE-2020-12652 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14314 CVE-2020-14331 CVE-2020-14351 CVE-2020-14356 CVE-2020-14385 CVE-2020-14386 CVE-2020-14390 CVE-2020-14416 CVE-2020-15393 CVE-2020-15436 CVE-2020-15437 CVE-2020-15780 CVE-2020-16120 CVE-2020-16166 CVE-2020-1749 CVE-2020-19716 CVE-2020-24490 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-24588 CVE-2020-24588 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25658 CVE-2020-25668 CVE-2020-25669 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-27068 CVE-2020-27170 CVE-2020-27171 CVE-2020-27777 CVE-2020-27786 CVE-2020-27815 CVE-2020-27824 CVE-2020-27825 CVE-2020-27830 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-28915 CVE-2020-28941 CVE-2020-28974 CVE-2020-29369 CVE-2020-29370 CVE-2020-29371 CVE-2020-29373 CVE-2020-29660 CVE-2020-29661 CVE-2020-35519 CVE-2020-36158 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-4788 CVE-2020-7663 CVE-2020-8492 CVE-2020-8694 CVE-2021-20199 CVE-2021-20206 CVE-2021-20206 CVE-2021-20206 CVE-2021-20251 CVE-2021-21272 CVE-2021-21707 CVE-2021-21708 CVE-2021-22569 CVE-2021-23134 CVE-2021-23926 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28375 CVE-2021-28660 CVE-2021-28688 CVE-2021-28831 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29457 CVE-2021-29463 CVE-2021-29470 CVE-2021-29473 CVE-2021-29623 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-31291 CVE-2021-31566 CVE-2021-32399 CVE-2021-32617 CVE-2021-32815 CVE-2021-33034 CVE-2021-33200 CVE-2021-33655 CVE-2021-33655 CVE-2021-3428 CVE-2021-34334 CVE-2021-3444 CVE-2021-3483 CVE-2021-3491 CVE-2021-3530 CVE-2021-36222 CVE-2021-3623 CVE-2021-3648 CVE-2021-3711 CVE-2021-37620 CVE-2021-37621 CVE-2021-37622 CVE-2021-37623 CVE-2021-3826 CVE-2021-39191 CVE-2021-3928 CVE-2021-39698 CVE-2021-39698 CVE-2021-4024 CVE-2021-41174 CVE-2021-41190 CVE-2021-41244 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVE-2021-43337 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2021-45078 CVE-2021-45710 CVE-2021-46195 CVE-2022-1415 CVE-2022-1664 CVE-2022-1708 CVE-2022-1882 CVE-2022-1882 CVE-2022-1882 CVE-2022-1882 CVE-2022-1882 CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-1941 CVE-2022-1996 CVE-2022-2031 CVE-2022-2122 CVE-2022-2153 CVE-2022-2153 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21618 CVE-2022-21618 CVE-2022-21619 CVE-2022-21619 CVE-2022-21619 CVE-2022-21619 CVE-2022-21624 CVE-2022-21624 CVE-2022-21624 CVE-2022-21624 CVE-2022-21626 CVE-2022-21626 CVE-2022-21626 CVE-2022-21628 CVE-2022-21628 CVE-2022-21628 CVE-2022-21628 CVE-2022-2211 CVE-2022-2255 CVE-2022-2255 CVE-2022-23468 CVE-2022-23471 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23491 CVE-2022-23491 CVE-2022-23493 CVE-2022-23521 CVE-2022-23524 CVE-2022-23525 CVE-2022-23526 CVE-2022-23527 CVE-2022-23824 CVE-2022-24130 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 CVE-2022-24836 CVE-2022-25147 CVE-2022-2588 CVE-2022-2588 CVE-2022-2588 CVE-2022-2601 CVE-2022-2602 CVE-2022-2602 CVE-2022-2602 CVE-2022-2602 CVE-2022-2602 CVE-2022-2602 CVE-2022-2602 CVE-2022-2602 CVE-2022-27191 CVE-2022-27649 CVE-2022-27943 CVE-2022-28748 CVE-2022-28748 CVE-2022-29170 CVE-2022-29181 CVE-2022-2928 CVE-2022-2929 CVE-2022-29500 CVE-2022-29501 CVE-2022-29502 CVE-2022-2959 CVE-2022-2964 CVE-2022-2964 CVE-2022-2978 CVE-2022-2978 CVE-2022-2980 CVE-2022-2982 CVE-2022-2989 CVE-2022-2990 CVE-2022-30065 CVE-2022-3037 CVE-2022-3094 CVE-2022-3094 CVE-2022-3099 CVE-2022-31008 CVE-2022-3104 CVE-2022-3104 CVE-2022-3105 CVE-2022-3105 CVE-2022-3106 CVE-2022-3106 CVE-2022-3107 CVE-2022-3107 CVE-2022-3108 CVE-2022-3108 CVE-2022-3109 CVE-2022-3109 CVE-2022-31097 CVE-2022-31107 CVE-2022-3111 CVE-2022-3111 CVE-2022-3112 CVE-2022-3112 CVE-2022-3113 CVE-2022-3113 CVE-2022-3114 CVE-2022-3114 CVE-2022-3115 CVE-2022-3115 CVE-2022-31251 CVE-2022-31254 CVE-2022-31256 CVE-2022-3134 CVE-2022-3153 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628 CVE-2022-31629 CVE-2022-31630 CVE-2022-31630 CVE-2022-31631 CVE-2022-31631 CVE-2022-3169 CVE-2022-3169 CVE-2022-3171 CVE-2022-3176 CVE-2022-3176 CVE-2022-3234 CVE-2022-3235 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3278 CVE-2022-32888 CVE-2022-32923 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3341 CVE-2022-3341 CVE-2022-3344 CVE-2022-3344 CVE-2022-3352 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-33981 CVE-2022-33981 CVE-2022-34169 CVE-2022-3424 CVE-2022-3424 CVE-2022-3424 CVE-2022-3424 CVE-2022-3424 CVE-2022-3424 CVE-2022-3424 CVE-2022-3435 CVE-2022-3435 CVE-2022-3437 CVE-2022-3479 CVE-2022-3491 CVE-2022-3500 CVE-2022-3520 CVE-2022-3521 CVE-2022-3521 CVE-2022-3524 CVE-2022-3524 CVE-2022-3526 CVE-2022-3526 CVE-2022-3534 CVE-2022-3535 CVE-2022-3535 CVE-2022-3542 CVE-2022-3542 CVE-2022-3545 CVE-2022-3545 CVE-2022-3545 CVE-2022-3545 CVE-2022-3545 CVE-2022-3545 CVE-2022-3545 CVE-2022-3550 CVE-2022-3551 CVE-2022-3554 CVE-2022-3555 CVE-2022-3560 CVE-2022-3563 CVE-2022-3564 CVE-2022-3564 CVE-2022-3565 CVE-2022-3565 CVE-2022-3566 CVE-2022-3566 CVE-2022-3567 CVE-2022-3567 CVE-2022-3570 CVE-2022-3577 CVE-2022-3577 CVE-2022-3577 CVE-2022-3586 CVE-2022-3586 CVE-2022-3586 CVE-2022-3586 CVE-2022-3586 CVE-2022-3586 CVE-2022-3586 CVE-2022-3591 CVE-2022-3594 CVE-2022-3594 CVE-2022-35957 CVE-2022-3597 CVE-2022-35977 CVE-2022-3598 CVE-2022-3599 CVE-2022-36033 CVE-2022-3606 CVE-2022-36062 CVE-2022-3619 CVE-2022-3619 CVE-2022-3621 CVE-2022-3621 CVE-2022-36227 CVE-2022-3625 CVE-2022-3625 CVE-2022-3626 CVE-2022-3627 CVE-2022-3628 CVE-2022-3628 CVE-2022-3629 CVE-2022-3629 CVE-2022-3633 CVE-2022-3633 CVE-2022-3635 CVE-2022-3635 CVE-2022-3640 CVE-2022-3640 CVE-2022-3640 CVE-2022-3640 CVE-2022-3643 CVE-2022-3643 CVE-2022-3646 CVE-2022-3646 CVE-2022-3647 CVE-2022-3649 CVE-2022-3649 CVE-2022-3676 CVE-2022-36760 CVE-2022-37026 CVE-2022-37035 CVE-2022-3705 CVE-2022-3705 CVE-2022-3707 CVE-2022-3707 CVE-2022-3725 CVE-2022-37290 CVE-2022-3736 CVE-2022-37436 CVE-2022-37454 CVE-2022-37454 CVE-2022-37454 CVE-2022-3775 CVE-2022-3786 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-38126 CVE-2022-38127 CVE-2022-3821 CVE-2022-38223 CVE-2022-38533 CVE-2022-38784 CVE-2022-3903 CVE-2022-3903 CVE-2022-3924 CVE-2022-39253 CVE-2022-39260 CVE-2022-39282 CVE-2022-39283 CVE-2022-39316 CVE-2022-39317 CVE-2022-39318 CVE-2022-39319 CVE-2022-39320 CVE-2022-39347 CVE-2022-39348 CVE-2022-39399 CVE-2022-39399 CVE-2022-39399 CVE-2022-3964 CVE-2022-3970 CVE-2022-3996 CVE-2022-40023 CVE-2022-40476 CVE-2022-40476 CVE-2022-40617 CVE-2022-40768 CVE-2022-40768 CVE-2022-40897 CVE-2022-40897 CVE-2022-40898 CVE-2022-40899 CVE-2022-4095 CVE-2022-4095 CVE-2022-41218 CVE-2022-41218 CVE-2022-41218 CVE-2022-41218 CVE-2022-4129 CVE-2022-4129 CVE-2022-4139 CVE-2022-4139 CVE-2022-4139 CVE-2022-4139 CVE-2022-4139 CVE-2022-4139 CVE-2022-4139 CVE-2022-4139 CVE-2022-4141 CVE-2022-41674 CVE-2022-41716 CVE-2022-41716 CVE-2022-41717 CVE-2022-41717 CVE-2022-41720 CVE-2022-41720 CVE-2022-41741 CVE-2022-41742 CVE-2022-41850 CVE-2022-41850 CVE-2022-41858 CVE-2022-41858 CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 CVE-2022-41877 CVE-2022-41903 CVE-2022-41946 CVE-2022-42003 CVE-2022-42004 CVE-2022-4203 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 CVE-2022-42328 CVE-2022-42328 CVE-2022-42329 CVE-2022-42329 CVE-2022-42703 CVE-2022-42703 CVE-2022-42703 CVE-2022-42703 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42722 CVE-2022-42722 CVE-2022-42722 CVE-2022-42722 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-42826 CVE-2022-4283 CVE-2022-4283 CVE-2022-4283 CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-42895 CVE-2022-42895 CVE-2022-42896 CVE-2022-42896 CVE-2022-42898 CVE-2022-42898 CVE-2022-42917 CVE-2022-42919 CVE-2022-4292 CVE-2022-42920 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-4293 CVE-2022-42932 CVE-2022-42969 CVE-2022-4304 CVE-2022-4304 CVE-2022-4345 CVE-2022-43548 CVE-2022-43551 CVE-2022-43552 CVE-2022-43680 CVE-2022-43750 CVE-2022-43750 CVE-2022-4378 CVE-2022-4378 CVE-2022-4378 CVE-2022-4378 CVE-2022-4378 CVE-2022-4378 CVE-2022-4378 CVE-2022-4378 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4379 CVE-2022-4382 CVE-2022-4382 CVE-2022-43945 CVE-2022-43945 CVE-2022-43945 CVE-2022-43945 CVE-2022-43945 CVE-2022-43945 CVE-2022-43945 CVE-2022-43945 CVE-2022-43995 CVE-2022-4415 CVE-2022-4415 CVE-2022-44267 CVE-2022-44268 CVE-2022-4450 CVE-2022-44566 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 CVE-2022-44617 CVE-2022-44638 CVE-2022-44792 CVE-2022-44793 CVE-2022-45061 CVE-2022-45063 CVE-2022-4515 CVE-2022-45153 CVE-2022-45403 CVE-2022-45403 CVE-2022-45404 CVE-2022-45404 CVE-2022-45405 CVE-2022-45405 CVE-2022-45406 CVE-2022-45406 CVE-2022-45408 CVE-2022-45408 CVE-2022-45409 CVE-2022-45409 CVE-2022-45410 CVE-2022-45410 CVE-2022-45411 CVE-2022-45411 CVE-2022-45412 CVE-2022-45412 CVE-2022-45414 CVE-2022-45416 CVE-2022-45416 CVE-2022-45418 CVE-2022-45418 CVE-2022-45420 CVE-2022-45420 CVE-2022-45421 CVE-2022-45421 CVE-2022-45869 CVE-2022-45869 CVE-2022-45888 CVE-2022-45888 CVE-2022-45934 CVE-2022-45934 CVE-2022-45939 CVE-2022-46146 CVE-2022-46149 CVE-2022-46174 CVE-2022-46176 CVE-2022-46176 CVE-2022-46285 CVE-2022-46340 CVE-2022-46340 CVE-2022-46340 CVE-2022-46341 CVE-2022-46341 CVE-2022-46341 CVE-2022-46342 CVE-2022-46342 CVE-2022-46342 CVE-2022-46343 CVE-2022-46343 CVE-2022-46343 CVE-2022-46344 CVE-2022-46344 CVE-2022-46344 CVE-2022-4662 CVE-2022-4662 CVE-2022-46663 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2022-46871 CVE-2022-46871 CVE-2022-46872 CVE-2022-46872 CVE-2022-46874 CVE-2022-46874 CVE-2022-46874 CVE-2022-46875 CVE-2022-46875 CVE-2022-46877 CVE-2022-46877 CVE-2022-46878 CVE-2022-46878 CVE-2022-46880 CVE-2022-46880 CVE-2022-46881 CVE-2022-46881 CVE-2022-46882 CVE-2022-46882 CVE-2022-46908 CVE-2022-4743 CVE-2022-47520 CVE-2022-47520 CVE-2022-47629 CVE-2022-47929 CVE-2022-47929 CVE-2022-48279 CVE-2022-48281 CVE-2022-48303 CVE-2022-4883 CVE-2022-4904 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0056 CVE-2023-0122 CVE-2023-0179 CVE-2023-0179 CVE-2023-0215 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0266 CVE-2023-0266 CVE-2023-0286 CVE-2023-0286 CVE-2023-0286 CVE-2023-0288 CVE-2023-0401 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0415 CVE-2023-0416 CVE-2023-0417 CVE-2023-0430 CVE-2023-0433 CVE-2023-0494 CVE-2023-0494 CVE-2023-0494 CVE-2023-0590 CVE-2023-0767 CVE-2023-0767 CVE-2023-20032 CVE-2023-20052 CVE-2023-21835 CVE-2023-21843 CVE-2023-22458 CVE-2023-22490 CVE-2023-22643 CVE-2023-22792 CVE-2023-22795 CVE-2023-22796 CVE-2023-22799 CVE-2023-22809 CVE-2023-23454 CVE-2023-23455 CVE-2023-23517 CVE-2023-23518 CVE-2023-23529 CVE-2023-23598 CVE-2023-23598 CVE-2023-23599 CVE-2023-23601 CVE-2023-23601 CVE-2023-23602 CVE-2023-23602 CVE-2023-23603 CVE-2023-23603 CVE-2023-23605 CVE-2023-23605 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-23946 CVE-2023-24021 CVE-2023-25725 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 ----------------------------------------------------------------- The container SUSE was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3277-1 Released: Wed Nov 11 09:06:52 2020 Summary: Recommended update for google-osconfig-agent Type: recommended Severity: moderate References: 1176427,1178249 This update for google-osconfig-agent fixes the following issues: This update ships the google-osconfig-agent in version 20200929.00 (bsc#1176427, bsc#1178249, jsc#ECO-2702, jsc#PM-2203) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:306-1 Released: Thu Feb 4 17:52:57 2021 Summary: Recommended update for RT kernel Type: security Severity: low References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541,CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694 This update syncs the RT kernel into the 15-SP2 codestream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1625-1 Released: Tue May 18 14:21:06 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1047233,1065729,1113295,1152472,1152489,1153274,1154353,1155518,1156256,1156395,1159280,1160634,1167773,1168777,1169514,1169709,1171295,1173485,1177326,1178163,1178181,1178330,1179454,1180197,1180980,1181383,1181507,1181674,1181862,1182011,1182077,1182485,1182552,1182574,1182591,1182595,1182712,1182713,1182715,1182716,1182717,1182770,1182989,1183015,1183018,1183022,1183023,1183048,1183252,1183277,1183278,1183279,1183280,1183281,1183282,1183283,1183284,1183285,1183286,1183287,1183288,1183366,1183369,1183386,1183405,1183412,1183416,1183427,1183428,1183445,1183447,1183501,1183509,1183530,1183534,1183540,1183593,1183596,1183598,1183637,1183646,1183662,1183686,1183692,1183696,1183750,1183757,1183775,1183843,1183859,1183871,1184074,1184120,1184167,1184168,1184170,1184176,1184192,1184193,1184194,1184196,1184198,1184211,1184217,1184218,1184219,1184220,1184224,1184388,1184391,1184393,1184509,1184511,1184512,1184514,1184583,1184647,CVE-2019-18814,CVE-2019-19769,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-27170,CVE-2020-27171,CVE-2020-27815,CVE-2020-35519,CVE-2020-36310,CVE-2020-36311,CVE-2020-36312,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28950,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29264,CVE-2021-29265,CVE-2021-29647,CVE-2021-30002,CVE-2021-3428,CVE-2021-3444,CVE-2021-3483 The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - ionic: linearize tso skb with too many frags (bsc#1167773). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - netsec: restore phy power state after controller reset (bsc#1183757). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514). - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - objtool: Fix retpoline detection in asm code (bsc#1169514). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - PCI: Decline to resize resources if boot config must be preserved (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - printk: fix deadlock when kernel panic (bsc#1183018). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/check-for-config-changes: comment on the list To explain what it actually is. - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - software node: Fix node registration (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - stop_machine: mark helpers __always_inline (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes). - USB: gadget: f_uac1: stop playback on function disable (git-fixes). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - USBip: fix stub_dev to check for stream socket (git-fixes). - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd to check for stream socket (git-fixes). - USBip: fix vudc to check for stream socket (git-fixes). - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: musb: Fix suspend with devices connected for a64 (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - watchdog: mei_wdt: request stop on unregister (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: fix setting irq affinity (bsc#1184583). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1915-1 Released: Wed Jun 9 14:29:50 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1043990,1055117,1065729,1152457,1152489,1155518,1156395,1167260,1167574,1168838,1174416,1174426,1175995,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184485,1184514,1184585,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587,CVE-2021-29155,CVE-2021-29650 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2208-1 Released: Wed Jun 30 09:49:44 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1087082,1133021,1152457,1152489,1155518,1156395,1162702,1164648,1176564,1177666,1178418,1178612,1179827,1179851,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1184081,1184082,1184611,1184855,1185428,1185497,1185589,1185606,1185645,1185677,1185680,1185696,1185703,1185725,1185758,1185859,1185861,1185863,1185898,1185899,1185911,1185938,1185987,1185988,1186061,1186285,1186320,1186439,1186441,1186460,1186498,1186501,1186573,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - Move upstreamed media fixes into sorted section - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: Fix three kernel-doc warnings (git-fixes). - block: fix get_max_io_size() (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - locking/seqlock: Tweak DEFINE_SEQLOCK() kernel doc (bsc#1176564 bsc#1162702). - lpfc: Decouple port_template and vport_template (bsc#185032). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net: enetc: fix link error again (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net: xfrm: Localize sequence counter per network namespace (bsc#1185696). - net: xfrm: Use sequence counter with associated spinlock (bsc#1185696). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: document nvme controller states (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: fix controller instance leak (git-fixes). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: sanitize KATO setting (bsc#1179825). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - sctp: delay auto_asconf init until binding the first addr - seqlock,lockdep: Fix seqcount_latch_init() (bsc#1176564 bsc#1162702). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - tcp: fix to update snd_wl1 in bulk receiver fast path - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - vrf: fix a comment about loopback device (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3868-1 Released: Fri Nov 4 10:07:58 2022 Summary: Security update for rubygem-loofah Type: security Severity: moderate References: 1154751,CVE-2019-15587 This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3869-1 Released: Fri Nov 4 10:55:26 2022 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_0_0 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3872-1 Released: Fri Nov 4 14:07:25 2022 Summary: Recommended update for cepces Type: recommended Severity: important References: 1203273 This update for cepces fixes the following issues: - Fix cepces won't compile on SLE15SP5. (bsc#1203273) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3875-1 Released: Fri Nov 4 15:11:53 2022 Summary: Security update for xmlbeans Type: security Severity: important References: 1180915,CVE-2021-23926 This update for xmlbeans fixes the following issues: - CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3881-1 Released: Fri Nov 4 16:04:19 2022 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: This update for scap-security-guide fixes the following issues: - Ship Ubuntu 2204 profiles. - ComplianceAsCode was updated to 0.1.64 (jsc#ECO-3319): - Introduce OL9 stig and anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes - Added several RPM requires that are needed by the SUSE remediation scripts. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3889-1 Released: Mon Nov 7 15:25:52 2022 Summary: Security update for exiv2 Type: security Severity: important References: 1068871,1142675,1142679,1185002,1185218,1185447,1185913,1186053,1186192,1188645,1188733,1189332,1189333,1189334,1189335,1189338,CVE-2017-1000128,CVE-2019-13108,CVE-2019-13111,CVE-2020-19716,CVE-2021-29457,CVE-2021-29463,CVE-2021-29470,CVE-2021-29623,CVE-2021-31291,CVE-2021-32617,CVE-2021-34334,CVE-2021-37620,CVE-2021-37621,CVE-2021-37622,CVE-2021-37623 This update for exiv2 fixes the following issues: Updated to version 0.27.5 (jsc#PED-1393): - CVE-2017-1000128: Fixed stack out of bounds read in JPEG2000 parser (bsc#1068871). - CVE-2019-13108: Fixed integer overflow PngImage:readMetadata (bsc#1142675). - CVE-2020-19716: Fixed buffer overflow vulnerability in the Databuf function in types.cpp (bsc#1188645). - CVE-2021-29457: Fixed heap buffer overflow when write metadata into a crafted image file (bsc#1185002). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2021-29623: Fixed read of uninitialized memory (bsc#1186053). - CVE-2021-31291: Fixed heap-based buffer overflow in jp2image.cpp (bsc#1188733). - CVE-2021-32617: Fixed denial of service due to inefficient algorithm (bsc#1186192). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37621: Fixed DoS due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37622: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189334) - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter(bsc#1189338) - CVE-2021-37623: Fixed DoS due to infinite loop in JpegBase:printStructure (bsc#1189335) - CVE-2021-29463: Fixed out-of-bounds read in webpimage.cpp (bsc#1185913). - CVE-2021-34334: Fixed DoS due to integer overflow in loop counter (bsc#1189338) - CVE-2019-13111: Fixed integer overflow in WebPImage:decodeChunks that lead to denial of service (bsc#1142679) - CVE-2021-29463: Fixed an out-of-bounds read was found in webpimage.cpp (bsc#1185913) Bugfixes: - Fixed build using GCC 11 (bsc#1185218). A new libexiv2-2_27 shared library is shipped, the libexiv2-2_26 is provided only for compatibility now. Please recompile your applications using the exiv2 library. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3899-1 Released: Tue Nov 8 10:43:45 2022 Summary: Security update for sendmail Type: security Severity: important References: 1202937,1204696,CVE-2022-31256 This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3900-1 Released: Tue Nov 8 10:47:55 2022 Summary: Recommended update for docker Type: recommended Severity: moderate References: 1200022 This update for docker fixes the following issues: - Fix a crash-on-start issue with dockerd (bsc#1200022) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3908-1 Released: Tue Nov 8 12:31:18 2022 Summary: Security update for gstreamer-plugins-good Type: security Severity: moderate References: 1201688,1201693,1201702,1201704,1201706,1201707,1201708,CVE-2022-1920,CVE-2022-1921,CVE-2022-1922,CVE-2022-1923,CVE-2022-1924,CVE-2022-1925,CVE-2022-2122 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3909-1 Released: Tue Nov 8 13:02:20 2022 Summary: Recommended update for crmsh Type: recommended Severity: moderate References: 1196726,1202465,1202655,1204670 This update for crmsh fixes the following issues: - Update to version 4.4.0+20221028.3e41444: * Packaging: create /var/log/crmsh with tmpfiles.d * Fix: log: ownership and mode of log files should be set in RotatingFileHandler * Fix: crmsh not working when using ACL * fix: log: fail to open log file even if user is in haclient group (bsc#1204670) * Dev: bootstrap: Show remote node name when stopping service remotely * Dev: parallax: Add LogLevel=error ssh option to filter out warnings (bsc#1196726) * Revert 'Only raise exception when return code of systemctl ssh command is larger than 4 (bsc#1196726)' (bsc#1202655) * configure: refresh cib before showing or modifying if no pending changes has been made (bsc#1202465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3915-1 Released: Tue Nov 8 14:12:47 2022 Summary: Security update for vsftpd Type: security Severity: moderate References: 1196918 This update for vsftpd fixes the following issues: Bugfixes: - Removed unsupported systemd hardening options (bsc#1196918). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3917-1 Released: Tue Nov 8 16:41:28 2022 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1203164,1203181 This update for python-azure-agent fixes the following issues: - Properly set OS.EnableRDMA flag (bsc#1203181) - Update to version 2.8.0.11 (bsc#1203164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3927-1 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1202021,1202821 This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3932-1 Released: Thu Nov 10 11:55:12 2022 Summary: Security update for python-rsa Type: security Severity: moderate References: 1178676,CVE-2020-25658 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3936-1 Released: Thu Nov 10 13:36:13 2022 Summary: Security update for libarchive Type: security Severity: moderate References: 1192426,1192427,CVE-2021-31566 This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426) - Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3941-1 Released: Thu Nov 10 15:01:32 2022 Summary: Security update for xwayland Type: security Severity: important References: 1204412,1204416,CVE-2022-3550,CVE-2022-3551 This update for xwayland fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3943-1 Released: Thu Nov 10 16:47:07 2022 Summary: Recommended update for ocfs2-tools Type: recommended Severity: moderate References: 1191084 This update for ocfs2-tools fixes the following issues: - ocfs2-tools: finish UsrMerge, install to /usr (bsc#1191084) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3946-1 Released: Fri Nov 11 08:17:46 2022 Summary: Recommended update for wireplumber Type: recommended Severity: moderate References: 1200485,1202008 This update for wireplumber fixes the following issues: - Fix to automatically enable wireplumber user service in new and current installations (bsc#1200485, bsc#1202008) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3953-1 Released: Fri Nov 11 11:41:28 2022 Summary: Security update for xterm Type: security Severity: moderate References: 1195387,CVE-2022-24130 This update for xterm fixes the following issues: - CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3958-1 Released: Fri Nov 11 15:20:45 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.79.2 (bsc#1204729) * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870). - FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - FIPS: Use libjitterentropy for entropy. - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3959-1 Released: Fri Nov 11 15:38:11 2022 Summary: Security update for busybox Type: security Severity: important References: 1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1192869,951562,970662,970663,991940,CVE-2011-5325,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 This update for busybox fixes the following issues: - Enable switch_root With this change virtme --force-initramfs works as expected. - Enable udhcpc busybox was updated to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes yet: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes * CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data * CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp * CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() * CVE-2011-5325 (bsc#951562): tar directory traversal * CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3963-1 Released: Mon Nov 14 09:05:22 2022 Summary: Recommended update for sssd Type: recommended Severity: moderate References: 1202559 This update for sssd fixes the following issues: - Fix the 'No matching host rule found' error in sdap_access_host (bsc#1202559) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3969-1 Released: Mon Nov 14 14:03:32 2022 Summary: Security update for kubevirt stack Type: security Severity: important References: This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3970-1 Released: Mon Nov 14 14:04:20 2022 Summary: Security update for containerized-data-importer Type: security Severity: important References: This update rebuilds the current containeried data importer images against current base images, to fix security issues. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3972-1 Released: Mon Nov 14 15:03:13 2022 Summary: Recommended update for p7zip Type: recommended Severity: low References: 1203316 This update for p7zip fixes the following issue: - Ship p7zip-full to SLE15-SP3 basesystem (bsc#1203316). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3976-1 Released: Mon Nov 14 20:05:36 2022 Summary: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Type: security Severity: important References: 1204289,CVE-2022-42722 This update for the Linux Kernel 5.14.21-150400_24_21 fixes one issue. The following security issue was fixed: - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3978-1 Released: Tue Nov 15 09:56:31 2022 Summary: Security update for rpmlint-mini Type: recommended Severity: moderate References: 1201207 This update for rpmlint-mini fixes the following issues: - NetworkManager: update nm-priv-helper whitelisting (bsc#1201207) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3979-1 Released: Tue Nov 15 11:05:22 2022 Summary: Security update for python-Mako Type: security Severity: moderate References: 1203246,CVE-2022-40023 This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3983-1 Released: Tue Nov 15 11:46:29 2022 Summary: Security update for freerdp Type: security Severity: moderate References: 1204257,1204258,CVE-2022-39282,CVE-2022-39283 This update for freerdp fixes the following issues: - CVE-2022-39282: Fix to init data read by `/parallel` command line switch. (bsc#1204258) - CVE-2022-39283: Fix to prevent video channel from reading uninitialized data. (bsc#1204257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update fixes for python3-apipkg the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3986-1 Released: Tue Nov 15 12:57:41 2022 Summary: Security update for libX11 Type: security Severity: moderate References: 1204422,1204425,CVE-2022-3554,CVE-2022-3555 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3991-1 Released: Tue Nov 15 13:54:13 2022 Summary: Security update for dhcp Type: security Severity: moderate References: 1203988,1203989,CVE-2022-2928,CVE-2022-2929 This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3995-1 Released: Tue Nov 15 16:49:28 2022 Summary: Security update for jackson-databind Type: security Severity: important References: 1204369,1204370,CVE-2022-42003,CVE-2022-42004 This update for jackson-databind fixes the following issues: Update to version 2.13.4.2: - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370). - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3996-1 Released: Tue Nov 15 17:06:52 2022 Summary: Security update for 389-ds Type: security Severity: low References: 1194119,1204493,1204748,1205146,CVE-2021-45710 This update for 389-ds fixes the following issues: - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119). - Update to version 2.0.16~git56.d15a0a7: - Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146). - Resolve issue with checklist post migration when dds is present (bsc#1204748). - Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3997-1 Released: Tue Nov 15 17:07:17 2022 Summary: Security update for php7 Type: security Severity: important References: 1203867,1203870,1204577,1204979,CVE-2021-21707,CVE-2021-21708,CVE-2022-31625,CVE-2022-31626,CVE-2022-31628,CVE-2022-31629,CVE-2022-31630,CVE-2022-37454 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979). - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577). - Version update to 7.4.32 (jsc#SLE-23639) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3998-1 Released: Tue Nov 15 17:07:45 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203701,1203767,1203770,1203802,1203922,1203979,1204017,1204051,1204059,1204060,1204125,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-41674,CVE-2022-42703,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722,CVE-2022-43750 The SUSE Linux Enterprise 15-SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788). - CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018). - CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700). - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent (bnc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479). - CVE-2022-3619: Fixed memory leak in l2cap_recv_acldata() in net/bluetooth/l2cap_core.c of the component (bnc#1204569). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635). - CVE-2022-3633: Fixed memory leak in j1939_session_destroy() in net/can/j1939/transport.c (bnc#1204650). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bnc#1203514). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - ALSA: hiface: fix repeated words in comments (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). - ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Documentation: devres: add missing I2C helper (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drop verbose nvme logging feature (bsc#1200567). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - KVM: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390x: fix SCK locking (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - build mlx in arm64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. Change mlx4, mlx5 and mlxfw from built-in to module. - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs: update mediator information in CoC docs (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commit in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - increase NR_CPUS on azure and follow kernel-default (bsc#1203979) - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - remove unused CONFIG_MAXSMP from arm64/azure - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4000-1 Released: Tue Nov 15 17:08:27 2022 Summary: Security update for python-Twisted Type: security Severity: low References: 1204781,CVE-2022-39348 This update for python-Twisted fixes the following issues: - CVE-2022-39348: Fixed NameVirtualHost Host header injection (bsc#1204781). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4001-1 Released: Tue Nov 15 17:08:52 2022 Summary: Security update for sudo Type: security Severity: important References: 1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4002-1 Released: Tue Nov 15 17:09:26 2022 Summary: Recommended update for gegl, gimp, gnome-photos, libgexiv2 Type: recommended Severity: moderate References: This update for gegl, gimp, gnome-photos, libgexiv2 has the following changes: - The packages were rebuilt against exiv2 0.27, to allow obsoleting the old 0.26 version. - No other changes were done. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4003-1 Released: Tue Nov 15 17:09:53 2022 Summary: Security update for nodejs16 Type: security Severity: important References: 1205119,CVE-2022-43548 This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). - Update to LTS version 16.18.0: * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() * deps: npm updated to 8.19.2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4004-1 Released: Tue Nov 15 17:10:13 2022 Summary: Security update for python310 Type: security Severity: important References: 1204886,1205244,CVE-2022-42919,CVE-2022-45061 This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method (bsc#1204886). - CVE-2022-45061: Fixed a quadratic IDNA decoding time (bsc#1205244). Other fixes: - allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesn’t fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments “name” and “variable” are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: don’t call the previous signal handler if it’s NULL. - In inspect, fix overeager replacement of “typing.” in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that it’s not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so it works as intended to disable ref target resolution. - Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable for a bugfix. So we keep the warning and no longer claim that literal_eval is safe. - Update tutorial introduction output to use 3.10+ SyntaxError invalid range. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4005-1 Released: Tue Nov 15 17:10:33 2022 Summary: Security update for php8 Type: security Severity: important References: 1204577,1204979,CVE-2022-31630,CVE-2022-37454 This update for php8 fixes the following issues: - CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bug#81738) (bsc#1204577). - CVE-2022-31630: Fixed OOB read due to insufficient input validation in imageloadfont() (bug#81739) (bsc#1204979). - version update to 8.0.25 (27 Oct 2022) * Session: Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). * Streams: Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4006-1 Released: Wed Nov 16 08:25:00 2022 Summary: Recommended update for kernel-firmware Type: recommended Severity: important References: 1203699 This update for kernel-firmware fixes the following issues: - Update firmware for CS35L41 codecs (bsc#1203699) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4007-1 Released: Wed Nov 16 09:12:44 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4008-1 Released: Wed Nov 16 10:29:27 2022 Summary: Recommended update for python3-ec2imgutils Type: recommended Severity: moderate References: 1199722 This update for python3-ec2imgutils fixes the following issues: - Update to version 10.0.1 + Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as tpm versions on the command line - Update to version 10.0.0 (bsc#1199722) + Add --tpm-support as command line option and tpm_support to the API to register images that support NitroTPM + API change for ec2deprecateimg. It is now possible to deprecate an image without providing a successor image. - Add rpm-macros to build requirements in spec. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4010-1 Released: Wed Nov 16 11:07:36 2022 Summary: Security update for apache2-mod_wsgi Type: security Severity: moderate References: 1201634,CVE-2022-2255 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4011-1 Released: Wed Nov 16 11:29:09 2022 Summary: Security update for jsoup Type: security Severity: moderate References: 1203459,CVE-2022-36033 This update for jsoup fixes the following issues: Updated to version 1.15.3: - CVE-2022-36033: Fixed incorrect sanitization of user input in SafeList.preserveRelativeLinks (bsc#1203459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4016-1 Released: Wed Nov 16 14:52:06 2022 Summary: Security update for rubygem-nokogiri Type: security Severity: important References: 1198408,1199782,CVE-2022-24836,CVE-2022-29181 This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4018-1 Released: Wed Nov 16 15:43:31 2022 Summary: Recommended update for python-service_identity Type: recommended Severity: low References: 1203743 This update for python-service_identity fixes the following issues: - Loose the filelist for the package info to avoid build failure (bsc#1203743) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4020-1 Released: Wed Nov 16 15:45:13 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1199856,1202627 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl setting work (bsc#1199856) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4021-1 Released: Wed Nov 16 15:46:09 2022 Summary: Recommended update for mdadm Type: recommended Severity: low References: 1193566 This update for mdadm fixes the following issues: - Add EXTRAVERSION as make argument on build (jsc#SLE-24761, bsc#1193566) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4035-1 Released: Wed Nov 16 21:35:40 2022 Summary: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Type: security Severity: important References: 1200058,1202087,1203613,1204170,1204289,CVE-2021-33655,CVE-2022-1882,CVE-2022-2588,CVE-2022-42703,CVE-2022-42722 This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4036-1 Released: Wed Nov 16 21:35:48 2022 Summary: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4) Type: security Severity: important References: 1196959,CVE-2021-39698 This update for the Linux Kernel 5.14.21-150400_24_28 fixes one issue. The following security issue was fixed: - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4039-1 Released: Wed Nov 16 22:06:42 2022 Summary: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Type: security Severity: important References: 1200058,1203613,1204170,1204289,CVE-2022-1882,CVE-2022-2588,CVE-2022-42703,CVE-2022-42722 This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues. The following security issues were fixed: - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4040-1 Released: Thu Nov 17 04:53:34 2022 Summary: Recommended update for libvirt Type: recommended Severity: important References: 1158430,1196087,1197084,1202608,1202630,1203976 This update for libvirt fixes the following issues: - apparmor: Fix QEMU access for UEFI variable files (bsc#1203976) - qemu: Don't assume that /usr/libexec/qemu-kvm exists (bsc#1158430, bsc#1196087) - qemu: Support memory allocation threads (bsc#1197084) - spec: Include aarch64 in the list of architectures that 'Require' dmidecode (bsc#1202608) - vmx: Require networkName for bridged and custom NICs (bsc#1202630) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4041-1 Released: Thu Nov 17 04:55:47 2022 Summary: Recommended update for libuv Type: recommended Severity: moderate References: 1199062 This update for libuv fixes the following issues: - Remove epoll syscall wrappers. (bsc#1199062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4043-1 Released: Thu Nov 17 09:05:54 2022 Summary: Recommended update for python3-ec2metadata Type: recommended Severity: moderate References: 1204066 This update for python3-ec2metadata fixes the following issues: - Update to version 4.0.0 (bsc#1204066) - Disambiguate cli options for duplicate endpoints. This is an incompatible change for some API versions of IMDS. When a duplicate endpoint is detected the cli option for both endpoints is expanded to a unique name. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4045-1 Released: Thu Nov 17 09:17:07 2022 Summary: Recommended update for pacemaker Type: recommended Severity: critical References: 1196673,1198409,1198715,1203367,1204581,1205279 This update for pacemaker fixes the following issues: - tools: fix syntax on resetting options in crm_resource (bsc#1198409) - tools: display the correct minimum execution status when executing 'crm_resource -O' (bsc#1205279, bsc#1204581) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4047-1 Released: Thu Nov 17 14:03:05 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1186399,1201701 This update for nvme-cli fixes the following issues: - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) - fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701) - Various other fabrics related bug fixes were added. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4049-1 Released: Thu Nov 17 14:04:02 2022 Summary: Recommended update for libnvme Type: recommended Severity: moderate References: 1201501,1201700,1201701,1201717 This update for libnvme fixes the following issues: - Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717) - Subsystem scanning logic - Fabrics improvements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4054-1 Released: Thu Nov 17 15:36:58 2022 Summary: Security update for go1.19 Type: security Severity: low References: 1200441,1204941,CVE-2022-41716 This update for go1.19 fixes the following issues: Update to go 1.19.3 (released 2022-11-01) (bsc#1200441): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). - cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168). - internal/fuzz: array literal initialization causes ICE 'unhandled stmt ASOP' while fuzzing (go#56106). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4055-1 Released: Thu Nov 17 15:37:24 2022 Summary: Security update for go1.18 Type: security Severity: low References: 1193742,1204941,CVE-2022-41716 This update for go1.18 fixes the following issues: Update to go 1.18.8 (released 2022-11-01) (bsc#1193742): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count' fatal error when cgo is enabled (go#56308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4058-1 Released: Thu Nov 17 15:40:53 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1205270,CVE-2022-45403,CVE-2022-45404,CVE-2022-45405,CVE-2022-45406,CVE-2022-45408,CVE-2022-45409,CVE-2022-45410,CVE-2022-45411,CVE-2022-45412,CVE-2022-45416,CVE-2022-45418,CVE-2022-45420,CVE-2022-45421 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 102.5.0 ESR (MFSA 2022-48, bsc#1205270): - CVE-2022-45403: Service Workers might have learned size of cross-origin media files - CVE-2022-45404: Fullscreen notification bypass - CVE-2022-45405: Use-after-free in InputStream implementation - CVE-2022-45406: Use-after-free of a JavaScript Realm - CVE-2022-45408: Fullscreen notification bypass via windowName - CVE-2022-45409: Use-after-free in Garbage Collection - CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy - CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers - CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers - CVE-2022-45416: Keystroke Side-Channel Leakage - CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI - CVE-2022-45420: Iframe contents could be rendered outside the iframe - CVE-2022-45421: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:4059-1 Released: Thu Nov 17 17:03:02 2022 Summary: Optional update for ssg-apply Type: optional Severity: moderate References: This update for ssg-apply fixes the following issues: This package contains a systemd service which can be run on boot which detects and/or mitigates hardening issues from the scap-security-guide, aka ComplianceAsCode. The behaviour can be configured in the config file /etc/ssg-apply/default.conf Options: - 'profile' ... Which SCAP XCCDF profile to use. The default is 'stig' for the SUSE supported DISA stig profile. Other profiles from the scap-security-guide can also be selected, like 'cis', 'hipaa', 'pci-dss' and others. - 'remediate' Whether to have the service immediately fix the issues. The default is 'off', if you want to enable automatic remediation, use 'on'. - 'tailoring-file' ... default is '' (none). A tailoring file is a XML configuration file that can be used to select/deselect rules to check / remediate. The service can be enabled with: * systemctl enable ssg-apply.service ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4061-1 Released: Fri Nov 18 05:56:17 2022 Summary: Recommended update for sapconf Type: recommended Severity: important References: 1190736,1190787 This update for sapconf fixes the following issues: - Adapt check of an active saptune service during the initial package installation to work in a chroot environment and fix the missing enablement of sapconf (bsc#1190736, bsc#1190787) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4072-1 Released: Fri Nov 18 13:36:05 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CVE-2022-43750 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). - alsa: line6: remove line6_set_raw declaration (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix last interface check for registration (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - alsa: usb-audio: Register card at the last interface (git-fixes). - alsa: usb-audio: make read-only array marker static const (git-fixes). - alsa: usb-audio: remove redundant assignment to variable c (git-fixes). - alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - alsa: usb/6fire: fix repeated words in comments (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - arm: Drop CMDLINE_* dependency on ATAGS (git-fixes). - arm: decompressor: Include .data.rel.ro.local (git-fixes). - arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - arm: dts: imx6dl: add missing properties for sram (git-fixes). - arm: dts: imx6q: add missing properties for sram (git-fixes). - arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - arm: dts: imx6qp: add missing properties for sram (git-fixes). - arm: dts: imx6sl: add missing properties for sram (git-fixes). - arm: dts: imx6sll: add missing properties for sram (git-fixes). - arm: dts: imx6sx: add missing properties for sram (git-fixes). - arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - arm: dts: integrator: Tag PCI host with device_type (git-fixes). - arm: dts: kirkwood: lsxl: fix serial line (git-fixes). - arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - arm: dts: turris-omnia: Add label for wan port (git-fixes). - arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - asoc: codecs: tx-macro: fix kcontrol put (git-fixes). - asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2764: Allow mono streams (git-fixes). - asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - asoc: tas2764: Fix mute/unmute (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - asoc: wm_adsp: Handle optional legacy support (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - drop Dell Dock regression fix patch again (bsc#1204719) - drop verbose nvme logging feature (bsc#1200567) - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ib/core: Fix a nested dead lock as part of ODP flow (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - kvm: fix avic_set_running for preemptable kernels (git-fixes). - kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - kvm: s390x: fix SCK locking (git-fixes). - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - kvm: x86: Always set kvm_run->if_flag (git-fixes). - kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - kvm: x86: Update vPMCs when retiring branch instructions (git-fixes). - kvm: x86: Update vPMCs when retiring instructions (git-fixes). - kvm: x86: do not report preemption if the steal time cache is stale (git-fixes). - kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - move upstreamed BT fixes into sorted section - move upstreamed patches into sorted section - move upstreamed sound patches into sorted section - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - revert 'crypto: qat - reduce size of mapped region' (git-fixes). - revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).++ kernel-source.spec (revision 4)Release: <RELEASE>.g76cfe60Provides: %name-srchash-76cfe60e3ab724313d9fba4cf5ebaf12ad49ea0e - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4076-1 Released: Fri Nov 18 15:00:38 2022 Summary: Recommended update for jsoup Type: recommended Severity: moderate References: This update for jsoup fixes the following issues: - Fix typo in the ant *-build.xml file that caused errors while building eclipse. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4078-1 Released: Fri Nov 18 15:34:17 2022 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1203476,1204468,1204471,1204472,1204473,1204475,1204480,1204523,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-39399 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4079-1 Released: Fri Nov 18 15:36:28 2022 Summary: Security update for java-17-openjdk Type: security Severity: moderate References: 1203476,1204468,1204472,1204473,1204475,1204480,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21628,CVE-2022-39399 This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4082-1 Released: Fri Nov 18 15:44:06 2022 Summary: Security update for openjpeg Type: security Severity: important References: 1140205,1149789,1179821,1180043,1180044,1180046,CVE-2018-20846,CVE-2018-21010,CVE-2020-27824,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845 This update for openjpeg fixes the following issues: - CVE-2018-20846: Fixed an Out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi. (bsc#1140205) - CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789) - CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821) - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043) - CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044) - CVE-2020-27845: Fixed a heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4085-1 Released: Fri Nov 18 16:38:57 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1204421,1205270,CVE-2022-42927,CVE-2022-42928,CVE-2022-42929,CVE-2022-42932,CVE-2022-45403,CVE-2022-45404,CVE-2022-45405,CVE-2022-45406,CVE-2022-45408,CVE-2022-45409,CVE-2022-45410,CVE-2022-45411,CVE-2022-45412,CVE-2022-45416,CVE-2022-45418,CVE-2022-45420,CVE-2022-45421 This update for MozillaThunderbird fixes the following issues: - Fixed various security issues (MFSA 2022-49, bsc#1205270): * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5 - Fixed various security issues: (MFSA 2022-46, bsc#1204421): * CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine * CVE-2022-42929 (bmo#1789439) Denial of Service via window.print * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety bugs fixed in Thunderbird 102.4 - Mozilla Thunderbird 102.5 * changed: `Ctrl+N` shortcut to create new contacts from address book restored (bmo#1751288) * fixed: Account Settings UI did not update to reflect default identity changes (bmo#1782646) * fixed: New POP mail notifications were incorrectly shown for messages marked by filters as read or junk (bmo#1787531) * fixed: Connecting to an IMAP server configured to use `PREAUTH` caused Thunderbird to hang (bmo#1798161) * fixed: Error responses received in greeting header from NNTP servers did not display error message (bmo#1792281) * fixed: News messages sent using 'Send Later' failed to send after going back online (bmo#1794997) * fixed: 'Download/Sync Now...' did not completely sync all newsgroups before going offline (bmo#1795547) * fixed: Username was missing from error dialog on failed login to news server (bmo#1796964) * fixed: Thunderbird can now fetch RSS channel feeds with incomplete channel URL (bmo#1794775) * fixed: Add-on 'Contribute' button in Add-ons Manager did not work (bmo#1795751) * fixed: Help text for `/part` Matrix command was incorrect (bmo#1795578) * fixed: Invite Attendees dialog did not fetch free/busy info for attendees with encoded characters in their name (bmo#1797927) - Mozilla Thunderbird 102.4.2 * changed: 'Address Book' button in Account Central will now create a CardDAV address book instead of a local address book (bmo#1793903) * fixed: Messages fetched from POP server in `Fetch headers only` mode disappeared when moved to different folder by filter action (bmo#1793374) * fixed: Thunderbird re-downloaded locally deleted messages from a POP server when 'Leave messages on server' and 'Until I delete them' were enabled (bmo#1796903) * fixed: Multiple password prompts for the same POP account could be displayed (bmo#1786920) * fixed: IMAP authentication failed on next startup if ImapMail folder was deleted by user (bmo#1793599) * fixed: Retrieving passwords for authenticated NNTP accounts could fail due to obsolete preferences in a users profile on every startup (bmo#1770594) * fixed: `Get Next n Messages` did not consistently fetch all messages requested from NNTP server (bmo#1794185) * fixed: `Get Messages` button unable to fetch messages from NNTP server if root folder not selected (bmo#1792362) * fixed: Thunderbird text branding did not always match locale of localized build (bmo#1786199) * fixed: Thunderbird installer and Thunderbird updater created Windows shortcuts with different names (bmo#1787264) * fixed: LDAP search filters unable to work with non-ASCII characters (bmo#1794306) * fixed: 'Today' highlighting in Calendar Month view did not update after date change at midnight (bmo#1795176) - Mozilla Thunderbird 102.4.1 * new: Thunderbird will now catch and report errors parsing vCards that contain incorrectly formatted dates (bmo#1793415) * fixed: Dynamic language switching did not update interface when switched to right-to-left languages (bmo#1794289) * fixed: Custom header data was discarded after messages were saved as draft and reopened (bmo#195716) * fixed: `-remote` command line argument did not work, affecting integration with various applications such as LibreOffice (bmo#1793323) * fixed: Messages received via some SMS-to-email services could not display images (bmo#1774805) * fixed: VCards with nickname field set could not be edited (bmo#1793877) * fixed: Some recurring events were missing from Agenda on first load (bmo#1771168) * fixed: Download requests for remote ICS calendars incorrectly set 'Accept' header to text/xml (bmo#1793757) * fixed: Monthly events created on the 31st of a month with <30 days placed first occurrence 1-2 days after the beginning of the following month (bmo#1266797) * fixed: Various visual and UX improvements (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 (bmo#1790610) * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze (bmo#1792675) * fixed: Forwarding messages with special characters in Subject failed on Windows (bmo#1782173) * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters (bmo#1789589) * fixed: Address Book display pane continued to show contacts after deletion (bmo#1777808) * fixed: Printing address book did not include all contact details (bmo#1782076) * fixed: CardDAV contacts without a Name property did not save to Google Contacts (bmo#1792101) * fixed: 'Publish Calendar' did not work (bmo#1794471) * fixed: Calendar database storage improvements (bmo#1792124) * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar (bmo#1792923) * fixed: Various visual and UX improvements (bmo#1776093,bmo#17 80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179 3543) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4113-1 Released: Fri Nov 18 18:04:53 2022 Summary: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Type: security Severity: important References: 1200058,1202087,1202685,1203613,1204170,1204289,1204381,CVE-2021-33655,CVE-2022-1882,CVE-2022-2588,CVE-2022-2959,CVE-2022-42703,CVE-2022-42722 This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - Fixed incorrect handling of empty arguments array in execve() (bsc#1200571). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4130-1 Released: Fri Nov 18 21:05:52 2022 Summary: Security update for frr Type: security Severity: important References: 1202085,1204124,CVE-2022-37035,CVE-2022-42917 This update for frr fixes the following issues: - CVE-2022-37035: Fixed a possible use-after-free due to a race condition related to bgp_notify_send_with_data() and bgp_process_packet() (bsc#1202085). - CVE-2022-42917: Fixed a privilege escalation from frr to root in frr config creation (bsc#1204124). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4131-1 Released: Sat Nov 19 10:25:11 2022 Summary: Recommended update for rust, rust1.65 Type: recommended Severity: moderate References: 1196328 This update for rust, rust1.65 fixes the following issues: This update provides rust1.65 (jsc#SLE-18626) Version 1.65.0 (2022-11-03) ========================== Language -------- - Error on `as` casts of enums with `#[non_exhaustive]` variants - Stabilize `let else` - Stabilize generic associated types (GATs) - Add lints `let_underscore_drop`, `let_underscore_lock`, and `let_underscore_must_use` from Clippy - Stabilize `break`ing from arbitrary labeled blocks ('label-break-value') - Uninitialized integers, floats, and raw pointers are now considered immediate UB sage of `MaybeUninit` is the correct way to work with uninitialized memory. - Stabilize raw-dylib for Windows x86_64, aarch64, and thumbv7a - Do not allow `Drop` impl on foreign ADTs Compiler -------- - Stabilize -Csplit-debuginfo on Linux - Use niche-filling optimization even when multiple variants have data - Associated type projections are now verified to be well-formed prior to resolving the underlying type - Stringify non-shorthand visibility correctly - Normalize struct field types when unsizing - Update to LLVM 15 - Fix aarch64 call abi to correctly zeroext when needed - debuginfo: Generalize C++-like encoding for enums - Add `special_module_name` lint - Add support for generating unique profraw files by default when using `-C instrument-coverage` - Allow dynamic linking for iOS/tvOS targets Libraries --------- - Don't generate `PartialEq::ne` in derive(PartialEq) - Windows RNG: Use `BCRYPT_RNG_ALG_HANDLE` by default - Forbid mixing `System` with direct system allocator calls - Document no support for writing to non-blocking stdio/stderr - `std::layout::Layout` size must not overflow `isize::MAX` when rounded up to `align` This also changes the safety conditions on `Layout::from_size_align_unchecked`. Stabilized APIs --------------- - `std::backtrace::Backtrace` - `Bound::as_ref` - `std::io::read_to_string` - `<*const T>::cast_mut` - `<*mut T>::cast_const` Thse APIs are now stable in const contexts: - `<*const T>::offset_from` - `<*mut T>::offset_from` Cargo ----- - Apply GitHub fast path even for partial hashes - Do not add home bin path to PATH if it's already there - Take priority into account within the pending queue This slightly optimizes job scheduling by Cargo, with typically small improvements on larger crate graph builds. Compatibility Notes ------------------- - `std::layout::Layout` size must not overflow `isize::MAX` when rounded up to `align` This also changes the safety conditions on `Layout::from_size_align_unchecked`. - `PollFn` now only implements `Unpin` if the closure is `Unpin` This is a possible breaking change if users were relying on the blanket unpin implementation. See discussion on the PR for details of why this change was made. - Drop ExactSizeIterator impl from std::char::EscapeAscii This is a backwards-incompatible change to the standard library's surface area, but is unlikely to affect real world usage. - Do not consider a single repeated lifetime eligible for elision in the return type This behavior was unintentionally changed in 1.64.0, and this release reverts that change by making this an error again. - Reenable disabled early syntax gates as future-incompatibility lints - Update the minimum external LLVM to 13 - Don't duplicate file descriptors into stdio fds - Sunset RLS - Deny usage of `#![cfg_attr(..., crate_type = ...)]` to set the crate type This strengthens the forward compatibility lint deprecated_cfg_attr_crate_type_name to deny. - `llvm-has-rust-patches` allows setting the build system to treat the LLVM as having Rust-specific patches This option may need to be set for distributions that are building Rust with a patched LLVM via `llvm-config`, not the built-in LLVM. Changes in rust: - Update to version 1.65.0 - for details see the rust1.65 package - Enable armv6 again - bsc#1196328 This update also ships 'cargo-auditable', a tool to embed crate information into ELF binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4133-1 Released: Mon Nov 21 00:11:56 2022 Summary: Recommended update for python-webencodings Type: recommended Severity: low References: 1203743 This update for python-webencodings fixes the following issue: - Loose the filelist for the package info to avoid build failure (bsc#1203743) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4134-1 Released: Mon Nov 21 00:12:57 2022 Summary: Recommended update for python-crcmod Type: recommended Severity: low References: 1203453 This update for python-crcmod fixes the following issues: - Replace python-base with python-devel in BuildRequires (bsc#1203453) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4137-1 Released: Mon Nov 21 00:14:24 2022 Summary: Recommended update for yast2-http-server Type: recommended Severity: moderate References: 1200016 This update for yast2-http-server fixes the following issue: - Find out php version dynamically to avoid hardcoded version (bsc#1200016) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4138-1 Released: Mon Nov 21 02:21:02 2022 Summary: Recommended update for python-msgpack Type: recommended Severity: important References: 1203743 This update for python-msgpack fixes the following issues: - Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4139-1 Released: Mon Nov 21 02:22:07 2022 Summary: Recommended update for libpfm Type: recommended Severity: moderate References: 1196709,1197770 This update for libpfm fixes the following issues: - Remove python2 support. (bsc#1196709, bsc#1197770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4146-1 Released: Mon Nov 21 09:56:12 2022 Summary: Security update for binutils Type: security Severity: moderate References: 1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE= in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Using the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4147-1 Released: Mon Nov 21 10:24:07 2022 Summary: Security update for kubevirt stack Type: security Severity: important References: This update provides rebuilds of the kubevirt containers with up to date base images, fixing various security issues. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4152-1 Released: Mon Nov 21 14:16:26 2022 Summary: Recommended update for novnc Type: recommended Severity: low References: 1201933 This update for novnc fixes the following issues: - For greater compatibility specify string binary as protocol (bsc#1201933) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4162-1 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe@.service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4164-1 Released: Tue Nov 22 10:58:37 2022 Summary: Recommended update for PackageKit Type: recommended Severity: moderate References: 1199895,1202585 This update for PackageKit fixes the following issues: - Ensure that package locks are honored (bsc#1199895): * Avoid clearing status information on locked packages * Check if packages are locked before attempting to remove them * Don't refresh repos before searching * Updatelibzypp dependency version to 17.31.0 * Restore pool status after simulating an update - Add repository data in the package id (bsc#1202585) - Implement upgrade-system method in openSUSE Leap (not supported in SUSE Linux Enterprise) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4166-1 Released: Tue Nov 22 11:08:48 2022 Summary: Security update for java-1_8_0-ibm Type: security Severity: important References: 1201684,1201685,1201692,1201694,1202427,1204468,1204471,1204472,1204473,1204475,1204480,1205302,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628,CVE-2022-34169,CVE-2022-39399 This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204471). - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204468). - CVE-2022-21619: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE (bsc#1204473). - CVE-2022-21628: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204472). - CVE-2022-21624: An unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise (bsc#1204475). - CVE-2022-39399: An unauthenticated attacker with network access via HTTP can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1204480). - CVE-2022-21549: Fixed exponentials issue (bsc#1201685). - CVE-2022-21541: Fixed an improper restriction of MethodHandle.invokeBasic() (bsc#1201692). - CVE-2022-34169; Fixed an integer truncation issue in Xalan (bsc#1201684). - CVE-2022-21540: Fixed a class compilation issue (bsc#1201694). - Update to Java 8.0 Service Refresh 7 Fix Pack 20. * Security: - The IBM ORB Does Not Support Object-Serialisation Data Filtering - Large Allocation In CipherSuite - Avoid Evaluating Sslalgorithmconstraints Twice - Cache The Results Of Constraint Checks - An incorrect ShortBufferException is thrown by IBMJCEPlus, IBMJCEPlusFIPS during cipher update operation - Disable SHA-1 Signed Jars For Ea - JSSE Performance Improvement - Oracle Road Map Kerberos Deprecation Of 3DES And RC4 Encryption * Java 8/Orb: - Upgrade ibmcfw.jar To Version o2228.02 * Class Libraries: - Crash In Libjsor.So During An Rdma Failover - High CPU Consumption Observed In ZosEventPort$EventHandlerTask.run - Update Timezone Information To The Latest tzdata2022c * Jit Compiler: - Crash During JIT Compilation - Incorrect JIT Optimization Of Java Code - Incorrect Return From Class.isArray() - Unexpected ClassCastException - Performance Regression When Calling VM Helper Code On X86 * X/Os Extentions: - Add RSA-OAEP Cipher Function To IBMJCECCA - Update to Java 8.0 Service Refresh 7 Fix Pack 16 * Java Virtual Machine - Assertion failure at ClassLoaderRememberedSet.cpp - Assertion failure at StandardAccessBarrier.cpp when -Xgc:concurrentScavenge is set. - GC can have unflushed ownable synchronizer objects which can eventually lead to heap corruption and failure when -Xgc:concurrentScavenge is set. * JIT Compiler: - Incorrect JIT optimization of Java code - JAVA JIT Power: JIT compile time assert on AIX or LINUXPPC * Reliability and Serviceability: - javacore with 'kill -3' SIGQUIT signal freezes Java process ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4168-1 Released: Tue Nov 22 14:14:11 2022 Summary: Security update for redis Type: security Severity: low References: 1204633,CVE-2022-3647 This update for redis fixes the following issues: - CVE-2022-3647: Fixed crash in sigsegvHandler debug function (bsc#1204633). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4171-1 Released: Tue Nov 22 15:24:35 2022 Summary: Recommended update for release-notes-sle_hpc Type: recommended Severity: moderate References: 933411 This update for release-notes-sle_hpc fixes the following issues: Version update of release notes from 15.4.20220831 to 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4176-1 Released: Tue Nov 22 15:25:17 2022 Summary: Recommended update for release-notes-sled Type: recommended Severity: moderate References: 933411 This update for release-notes-sled fixes the following issues: Update release notes from version 15.4.20220511 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4182-1 Released: Tue Nov 22 15:27:32 2022 Summary: Recommended update for release-notes-sles Type: recommended Severity: moderate References: 1201266,1201370,1201709,1202115,1203256,1203259,1203461,1203527,1203528,1203781,933411 This update for release-notes-sles fixes the following issues: Update release notes from version 15.4.20220714 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about global crypto policies (bsc#1203781) - Added note about PHP7 (bsc#1203461) - Added note about removal of bind-chrootenv (bsc#1201266) - Added note about SUSEConnect tracking (jsc#SLE-24988) - Added AWS Graviton3 (jsc#SLE-24526) - Updated wording of ULP note (bsc#1203528) - Fixed broken link (bsc#1203527) - Fixed incorrect information about ODBC driver location (bsc#1203256) - Fixed spelling of SUSEConnect and suseconnect-ng (bsc#1203259) - Updated Java lifecycle (jsc#PED-1590) - Added note about zypper async downloads (jsc#SLE-20484) - Added note about Eclipse removal (jsc#SLE-23694) - Added note about nodejs16 addition (jsc#SLE-21779) - Added note about nodejs-common update (jsc#SLE-21233) - Added note about cloud-init 21.3 (jsc#SLE-22902) - Added note about GUI apps under WSL (jsc#SLE-21511) - Added note about AMX (jsc#SLE-21491) - Added note about Tomoyo (bsc#1202115) - Updated PHP 8 note to refer to version 8.0.10 (bsc#1201709) - Updated wording around list of updated packages/modules (bsc#1201370) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4188-1 Released: Wed Nov 23 05:17:15 2022 Summary: Recommended update for release-notes-sles-for-sap Type: recommended Severity: moderate References: 1201401,933411 This update for release-notes-sles-for-sap fixes the following issues: Update release notes from version 15.4.20220714 to version 15.4.20220930 (bsc#933411): - Added note about SUSEConnect tracking (jsc#SLE-23312) - Added note about deprecating sapwmp (bsc#1201401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4191-1 Released: Wed Nov 23 10:36:30 2022 Summary: Security update for containerized-data-importer Type: security Severity: important References: This update rebuilds the current containeried data importer images against current base images, to fix security issues. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4194-1 Released: Wed Nov 23 12:12:07 2022 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1205388,CVE-2022-3964 This update for ffmpeg-4 fixes the following issues: - CVE-2022-3964: Fixed out of bounds read in update_block_in_prev_frame() (bsc#1205388). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4197-1 Released: Wed Nov 23 12:57:08 2022 Summary: Security update for strongswan Type: security Severity: moderate References: 1203556,CVE-2022-40617 This update for strongswan fixes the following issues: Security issues fixed: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Feature changes: - Enable Marvell plugin (jsc#SLE-20151) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4200-1 Released: Wed Nov 23 14:04:50 2022 Summary: Recommended update for perl-DBD-SQLite Type: recommended Severity: low References: 1203742 This update for perl-DBD-SQLite fixes the following issues: - Fixed a failing test when comparing lowercase data (bsc#1203742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4204-1 Released: Wed Nov 23 16:57:51 2022 Summary: Security update for keylime Type: security Severity: moderate References: 1204782,CVE-2022-3500 This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested (bsc#1204782). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4205-1 Released: Wed Nov 23 17:34:41 2022 Summary: Security update for net-snmp Type: security Severity: moderate References: 1201103,CVE-2022-24805,CVE-2022-24806,CVE-2022-24807,CVE-2022-24808,CVE-2022-24809,CVE-2022-24810 This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4206-1 Released: Wed Nov 23 17:35:17 2022 Summary: Security update for pixman Type: security Severity: important References: 1205033,CVE-2022-44638 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4207-1 Released: Wed Nov 23 17:35:48 2022 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1205120,1205121,1205122,1205123,1205124,CVE-2022-32888,CVE-2022-32923,CVE-2022-42799,CVE-2022-42823,CVE-2022-42824 Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4208-1 Released: Wed Nov 23 17:36:22 2022 Summary: Security update for exiv2-0_26 Type: security Severity: important References: 1050257,1095070,1110282,1119559,1119560,1119562,1142677,1142678,1153577,1186231,1189337,CVE-2017-11591,CVE-2018-11531,CVE-2018-17581,CVE-2018-20097,CVE-2018-20098,CVE-2018-20099,CVE-2019-13109,CVE-2019-13110,CVE-2019-17402,CVE-2021-29473,CVE-2021-32815 This update for exiv2-0_26 fixes the following issues: - CVE-2019-17402: Fixed improper validation of the total size to the offset and size leads to a crash in Exiv2::getULong in types.cpp (bsc#1153577). - CVE-2018-20098: Fixed a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header (bsc#1119560). - CVE-2018-17581: Fixed an excessive stack consumption CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282). - CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header (bsc#1119559). - CVE-2018-20097: Fixed SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562). - CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType (bsc#1050257). - CVE-2018-11531: Fixed a heap-based buffer overflow in getData in preview.cpp (bsc#1095070). - CVE-2021-32815: Fixed a deny-of-service due to assertion failure in crwimage_int.cpp (bsc#1189337). - CVE-2021-29473: Fixed out-of-bounds read in Exiv2::Jp2Image:doWriteMetadata (bsc#1186231). - CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata (bsc#1142677). - CVE-2019-13110: Fixed an integer-overflow and out-of-bounds read in CiffDirectory:readDirectory leads to denail of service (bsc#1142678). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4209-1 Released: Wed Nov 23 17:36:43 2022 Summary: Security update for libarchive Type: security Severity: low References: 1205629,CVE-2022-36227 This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4213-1 Released: Thu Nov 24 15:54:17 2022 Summary: Recommended update for libnvidia-container, nvidia-container-toolkit Type: recommended Severity: moderate References: This update for libnvidia-container, nvidia-container-toolkit fixes the following issues: Both nvidia-container-toolkit and libnvidia-container were updated to version 1.11.0 (jsc#SLE-18750): 1.11.0: - Added support for injection of GPUDirect Storage and MOFED devices into containerized environments. 1.10.0: - Improving support for Tegra-based systems 1.9.0: - Added multi-arch support for the container-toolkit images. - Enhancements for use on Tegra-systems and some notable bugfixes. 1.8.1: - This release is a bugfix release that fixes issues around cgroups found in NVIDIA Container Toolkit 1.8.0. 1.8.0: - It adds cgroupv2 support to the NVIDIA Container Toolkit and removes packaging support for Amazonlinux1. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4214-1 Released: Thu Nov 24 16:17:31 2022 Summary: Security update for libdb-4_8 Type: security Severity: low References: 1174414,CVE-2019-2708 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4215-1 Released: Thu Nov 24 16:48:05 2022 Summary: Security update for erlang Type: security Severity: important References: 1205318,CVE-2022-37026 This update for erlang fixes the following issues: - CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4224-1 Released: Fri Nov 25 16:34:06 2022 Summary: Security update for freerdp Type: security Severity: moderate References: 1205563,1205564,CVE-2022-39318,CVE-2022-39319 This update for freerdp fixes the following issues: - CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563). - CVE-2022-39319: Fixed missing input buffer length check in urbdrc (bsc#1205564). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4225-1 Released: Fri Nov 25 18:16:40 2022 Summary: Recommended update for valgrind Type: recommended Severity: low References: 1204685 This update for valgrind fixes the following issues: - Fix memory check between RDMA and atomics (bsc#1204685) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4226-1 Released: Fri Nov 25 18:16:59 2022 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1196076,1198625,1200803,1200994,1203341,1204821 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4227-1 Released: Fri Nov 25 18:17:31 2022 Summary: Recommended update for release-notes-sle-micro Type: recommended Severity: low References: 1204440 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:4229-1 Released: Fri Nov 25 18:18:05 2022 Summary: Optional update for cmocka Type: optional Severity: low References: 1204451 This update for cmocka fixes the following issues: - Ship the package also to Server Applications Module (bsc#1204451) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4232-1 Released: Fri Nov 25 18:19:06 2022 Summary: Recommended update for llvm11 Type: recommended Severity: low References: 1189602 This update for llvm11 fixes the following issues: - The LLVM test suite expects specific compressed binary payload but with IBM z HW compression that payload can vary and not match the software implementation, fixes testsuite errors (bsc#1189602) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4233-1 Released: Fri Nov 25 18:19:33 2022 Summary: Recommended update for publicsuffix Type: recommended Severity: low References: This update for publicsuffix fixes the following issues: - Update to version 20220903 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4234-1 Released: Fri Nov 25 18:19:54 2022 Summary: Recommended update for osc Type: recommended Severity: moderate References: This update for osc fixes the following issues: - 0.182.0 - fix build on SLE12 / python 2.7 - SSH auth: Fix getallmatchingheaders() output to correspond with headers.get_all() - send HTTP header Accept: application/xml - git_version: return version from the source code if there's no matching tag - spec file: - Revert to python2 on SLE12 - Recommend openssh for ssh key auth - fix building on distros that are not openSUSE or SLE - build against python3.6 for SLE12 and older - 0.181.0 - fix crash when 'pass' is not set in the config file - add missing attributes to Package when scm_url is set - fix failure to create config in current dir - update list of considered file names for ssh key autodetection - allow users to prefer ssh key over password auth - ssh: recognize gpg keys (yubikey usage) - fix operating on _project meta - revert 'interpretation of string literals in messages' that broke unicode handling - fix product build rpm caching - enable md5 revisions in osc log - parseRevisionOption(): raise an exception on invalid revisions - 0.180.0 - warn when trying to commit a prj/pac managed in scm - fix crash on 'osc up' for git based package/projects - don't traceback on invalid credentials manager - improve README, rename it to README.md - declare OscHTTPSignatureAuthHandler as a new-style class - remove illegal character in comment ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4235-1 Released: Fri Nov 25 18:20:13 2022 Summary: Recommended update for yast2-users Type: recommended Severity: moderate References: 1202974 This update for yast2-users fixes the following issues: - AutoYaST: Fix creation of home for system users (bsc#1202974) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4238-1 Released: Fri Nov 25 18:21:06 2022 Summary: Recommended update for rekor Type: recommended Severity: moderate References: This update for rekor fixes the following issues: - updated to rekor 0.12.0 (jsc#SLE-23476) - enable server build ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4239-1 Released: Fri Nov 25 18:21:20 2022 Summary: Recommended update for plymouth Type: recommended Severity: low References: 1203147 This update for plymouth fixes the following issues: - Remove typo on patch to clear dracut 'command not found' error (bsc#1203147). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4259-1 Released: Mon Nov 28 15:42:54 2022 Summary: Security update for tiff Type: security Severity: important References: 1204641,1204643,1204644,1204645,1205392,CVE-2022-3597,CVE-2022-3599,CVE-2022-3626,CVE-2022-3627,CVE-2022-3970 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4261-1 Released: Tue Nov 29 03:58:45 2022 Summary: Feature update for libvpd Type: feature Severity: moderate References: This feature update for libvpd fixes the following issues: libvpd: - New package at version 2.2.9 needed by lsvpd (jsc#SLE-25107, jsc#SLE-24497) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4263-1 Released: Tue Nov 29 07:31:54 2022 Summary: Recommended update for python-pyperclip Type: recommended Severity: important References: 1203743 This update for python-pyperclip fixes the following issues: - Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4299-1 Released: Wed Nov 30 14:13:00 2022 Summary: Recommended update for dconf Type: recommended Severity: moderate References: 1203344,971074 This update for dconf fixes the following issues: - Re-enable fix for `dconf update` to restore correct permissions on db files (bsc#971074, bsc#1203344) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4304-1 Released: Thu Dec 1 09:11:59 2022 Summary: Security update for emacs Type: security Severity: important References: 1205822,CVE-2022-45939 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4306-1 Released: Thu Dec 1 09:27:10 2022 Summary: Security update for bcel Type: security Severity: moderate References: 1205125,CVE-2022-42920 This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4308-1 Released: Thu Dec 1 15:51:19 2022 Summary: Security update for virt-v2v Type: security Severity: moderate References: 1201064,CVE-2022-2211 This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4311-1 Released: Fri Dec 2 11:02:43 2022 Summary: Recommended update for open-vm-tools Type: recommended Severity: critical References: This update for open-vm-tools fixes the following issues: - Include binaries of open-vm-tools for ARM architecture aarch64 in SUSE Linux Enterprise 15 Service Pack 4 (jsc#SLE-22385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4313-1 Released: Mon Dec 5 02:32:13 2022 Summary: Feature update for python-cached-property, python-osc-tiny, python-responses Type: feature Severity: important References: This update for python-cached-property, python-osc-tiny, python-responses fixes the following issues: python-cached-property: - New package at version 1.5.2 (jsc#PED-1872, jsc#PED-1964) python-responses: - Version update from 0.10.12 to 0.21.0 (jsc#PED-1872, jsc#PED-1964) - Dropped support of Python 2.7, 3.5, 3.6 - For the full list of changes please read the packaged CHANGES file or https://github.com/getsentry/responses/releases python-osc-tiny: - New package at version 0.7.5 (jsc#PED-1872, jsc#PED-1964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4314-1 Released: Mon Dec 5 08:05:35 2022 Summary: Recommended update for Yast2 Type: recommended Severity: moderate References: 1199746,1201235,1201435,1201962,1202479,1203866,1204448,1204559 This update for Yast2 fixes the following issues: autoyast2: - Allow empty values in ask/default, ask/selection/label and ask/selection/value elements (bsc#1204448) - Add needed packages for the selected network backend in order to prevent it is not declared in the software section (bsc#1201235, bsc#1201435) yast2-bootloader: - Prevent leak of grub2 password to logs (bsc#1201962) yast2-installation: - Fix copy of entropy pool during installation (bsc#1204559) yast2-network: - Do not assume wicked will be installed by default anymore and return the needed packages by the selected backend when them are not installed (bsc#1201235, bsc#1201435) - Fixed issue when writing the NetworkManager config without a gateway (bsc#1203866) - Activate s390 devices before importing and reading the network configuration or otherwise the related linux devices will not be present and could be ignored (bsc#1199746) - At the end of the installation, force an enablement of the selected network service even when the selected one has not been modified and ensure other backends are disabled (bsc#1202479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4326-1 Released: Tue Dec 6 03:22:25 2022 Summary: Recommended update for hawk2 Type: recommended Severity: important References: 1196673,1198647,1199258,1203367 This update for hawk2 fixes the following issues: - Fix detection of partial upgrade (bsc#1196673,bsc#1203367) - Improve handling of unmatched paths (bsc#1199258) - Allow configuration of cookies to HttpOnly by the use of the environment variable HAWK_COOKIE_HTTP_ONLY=true (bsc#1198647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4328-1 Released: Tue Dec 6 12:25:12 2022 Summary: Recommended update for audit-secondary Type: recommended Severity: moderate References: 1204844 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4334-1 Released: Tue Dec 6 16:01:53 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1205941,CVE-2022-45414 This update for MozillaThunderbird fixes the following issues: Update to version 102.5.1: - CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (bsc#1205941). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4336-1 Released: Tue Dec 6 16:27:50 2022 Summary: Recommended update for gdb Type: recommended Severity: moderate References: gdb was updated to version 12.1: * DBX mode is deprecated, and will be removed in GDB 13. * GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: - maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. - set source open on|off - show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. - set varsize-limit - show varsize-limit These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'. - task apply [all | TASK-IDS...] [FLAG]... COMMAND Like 'thread apply', but applies COMMAND to Ada tasks. - watch [...] task ID Watchpoints can now be restricted to a specific Ada task. - maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning. - set logging on|off Deprecated and replaced by 'set logging enabled on|off'. - set logging enabled on|off - show logging enabled These commands set or show whether logging is enabled or disabled. - exit You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command. - set debug threads on|off - show debug threads Print additional debug messages about thread creation and deletion. - set debug linux-nat on|off - show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. - maint flush source-cache Flush the contents of the source code cache. - maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. - set suppress-cli-notifications (on|off) - show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). - set style disassembler enabled on|off - show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. - set ada source-charset - show ada source-charset Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: - print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. - maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaces with the value of the non-printable character. - clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. - set debug lin-lwp on|off - show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. - info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection. * Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. Update libipt to v2.0.5. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4337-1 Released: Tue Dec 6 16:51:12 2022 Summary: Recommended update for collectd Type: recommended Severity: moderate References: This update of collectd fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4338-1 Released: Tue Dec 6 16:51:30 2022 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: This update of 389-ds fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4339-1 Released: Tue Dec 6 16:51:57 2022 Summary: Recommended update for hplip Type: recommended Severity: moderate References: This update of hplip fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4349-1 Released: Wed Dec 7 16:15:52 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1202812,CVE-2020-10696,CVE-2022-2990 This update for buildah fixes the following issues: Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812). - CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4354-1 Released: Thu Dec 8 10:10:00 2022 Summary: Recommended update for mvapich2 Type: recommended Severity: moderate References: 1175679,1199808 This update for mvapich2 fixes the following issues: - Fix SIGFPE during MPI_Init on non-NUMA systems (bsc#1199808, bsc#1175679) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4361-1 Released: Thu Dec 8 16:11:52 2022 Summary: Recommended update for pdsh, slurm_22_05 Type: recommended Severity: important References: CVE-2021-43337,CVE-2022-29500,CVE-2022-29501,CVE-2022-29502,CVE-2022-31251 This update for pdsh, slurm_22_05 fixes the following issues: Slurm was updated to 22.05.5 - Fixes a number of moderate severity issues, noteable are: * Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded. * Update nvml plugin to match the unique id format for MIG devices in new Nvidia drivers. * Fix multi-node step launch failure when nodes in the controller aren't in natural order. This can happen with inconsistent node naming (such as node15 and node052) or with dynamic nodes which can register in any order. * job_container/tmpfs - cleanup containers even when the .ns file isn't mounted anymore. * Wait up to PrologEpilogTimeout before shutting down slurmd to allow prolog and epilog scripts to complete or timeout. Previously, slurmd waited 120 seconds before timing out and killing prolog and epilog scripts. - Do not deduplicate files of testsuite Slurm configuration. This directory is supposed to be mounted over /etc/slurm therefore it must not contain softlinks to the files in this directory. - Fix a potential security vulnerability in the test package (bsc#1201674, CVE-2022-31251). - update to 22.05.2 with following fixes: * Fix regression which allowed the oversubscription of licenses. * Fix a segfault in slurmctld when requesting gres in job arrays. - Allow log in as user 'slurm'. This allows admins to run certain priviledged commands more easily without becoming root. update to 22.05.0 with following changes: - Support for dynamic node addition and removal - Support for native Linux cgroup v2 operation - Newly added plugins to support HPE Slingshot 11 networks (switch/hpe_slingshot), and Intel Xe GPUs (gpu/oneapi) - Added new acct_gather_interconnect/sysfs plugin to collect statistics from arbitrary network interfaces. - Expanded and synced set of environment variables available in the Prolog/Epilog/PrologSlurmctld/EpilogSlurmctld scripts. - New '--prefer' option to job submissions to allow for a 'soft constraint' request to influence node selection. - Optional support for license planning in the backfill scheduler with 'bf_licenses' option in SchedulerParameters. - Add a comment about the CommunicationParameters=block_null_hash option warning users who migrate - just in case. - Update to 21.08.8 which fixes CVE-2022-29500 (bsc#1199278), CVE-2022-29501 (bsc#1199279), and CVE-2022-29502 (bsc#1199281). - Added 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations. - Update to 21.08.7 with following changes: * openapi/v0.0.37 - correct calculation for bf_queue_len_mean in /diag. * Avoid shrinking a reservation when overlapping with downed nodes. * Only check TRES limits against current usage for TRES requested by the job. * Do not allocate shared gres (MPS) in whole-node allocations * Constrain slurmstepd to job/step cgroup like in previous versions of Slurm. * Fix warnings on 32-bit compilers related to printf() formats. * Fix reconfigure issues after disabling/reenabling the GANG PreemptMode. * Fix race condition where a cgroup was being deleted while another step was creating it. * Set the slurmd port correctly if multi-slurmd * Fix FAIL mail not being sent if a job was cancelled due to preemption. * slurmrestd - move debug logs for HTTP handling to be gated by debugflag NETWORK to avoid unnecessary logging of communication contents. * Fix issue with bad memory access when shrinking running steps. * Fix various issues with internal job accounting with GRES when jobs are shrunk. * Fix ipmi polling on slurmd reconfig or restart. * Fix srun crash when reserved ports are being used and het step fails to launch. * openapi/dbv0.0.37 - fix DELETE execution path on /user/{user_name}. * slurmctld - Properly requeue all components of a het job if PrologSlurmctld fails. * rlimits - remove final calls to limit nofiles to 4096 but to instead use the max possible nofiles in slurmd and slurmdbd. * Allow the DBD agent to load large messages (up to MAX_BUF_SIZE) from state. * Fix potential deadlock during slurmctld restart when there is a completing job. * slurmstepd - reduce user requested soft rlimits when they are above max hard rlimits to avoid rlimit request being completely ignored and processes using default limits. * Fix Slurm user commands displaying available features as active features when no features were active. * Don't power down nodes that are rebooting. * Clear pending node reboot on power down request. * Ignore node registrations while node is powering down. * Don't reboot any node that is power down. * Don't allow a node to reboot if it's marked for power down. * Fix issuing reboot and downing when rebooting a powering up node. * Clear DRAIN on node after failing to resume before ResumeTimeout. * Prevent repeating power down if node fails to resume before ResumeTimeout. * Fix federated cloud node communication with srun and cloud_dns. * Fix jobs being scheduled on nodes marked to be powered_down when idle. * Fix problem where a privileged user could not view array tasks specified by _ when PrivateData had the jobs value set. - Changes in Slurm 21.08.6 * Fix plugin_name definitions in a number of plugins to improve logging. * Close sbcast file transfers when job is cancelled. * scrontab - fix handling of --gpus and --ntasks-per-gpu options. * sched/backfill - fix job_queue_rec_t memory leak. * Fix magnetic reservation logic in both main and backfill schedulers. * job_container/tmpfs - fix memory leak when using InitScript. * slurmrestd / openapi - fix memory leaks. * Fix slurmctld segfault due to job array resv_list double free. * Fix multi-reservation job testing logic. * Fix slurmctld segfault due to insufficient job reservation parse validation. * Fix main and backfill schedulers handling for already rejected job array. * sched/backfill - restore resv_ptr after yielding locks. * acct_gather_energy/xcc - appropriately close and destroy the IPMI context. * Protect slurmstepd from making multiple calls to the cleanup logic. * Prevent slurmstepd segfault at cleanup time in mpi_fini(). * Fix slurmctld sometimes hanging if shutdown while PrologSlurmctld or EpilogSlurmctld were running and PrologEpilogTimeout is set in slurm.conf. * Fix affinity of the batch step if batch host is different than the first node in the allocation. * slurmdbd - fix segfault after multiple failover/failback operations. * Fix jobcomp filetxt job selection condition. * Fix -f flag of sacct not being used. * Select cores for job steps according to the socket distribution. Previously, sockets were always filled before selecting cores from the next socket. * Keep node in Future state if epilog completes while in Future state. * Fix erroneous --constraint behavior by preventing multiple sets of brackets. * Make ResetAccrueTime update the job's accrue_time to now. * Fix sattach initialization with configless mode. * Revert packing limit checks affecting pmi2. * sacct - fixed assertion failure when using -c option and a federation display * Fix issue that allowed steps to overallocate the job's memory. * Fix the sanity check mode of AutoDetect so that it actually works. * Fix deallocated nodes that didn't actually launch a job from waiting for Epilogslurmctld to complete before clearing completing node's state. * Job should be in a completing state if EpilogSlurmctld when being requeued. * Fix job not being requeued properly if all node epilog's completed before EpilogSlurmctld finished. * Keep job completing until EpilogSlurmctld is completed even when 'downing' a node. * Fix handling reboot with multiple job features. * Fix nodes getting powered down when creating new partitions. * Fix bad bit_realloc which potentially could lead to bad memory access. * slurmctld - remove limit on the number of open files. * Fix bug where job_state file of size above 2GB wasn't saved without any error message. * Fix various issues with no_consume gres. * Fix regression in 21.08.0rc1 where job steps failed to launch on systems that reserved a CPU in a cgroup outside of Slurm (for example, on systems with WekaIO). * Fix OverTimeLimit not being reset on scontrol reconfigure when it is removed from slurm.conf. * serializer/yaml - use dynamic buffer to allow creation of YAML outputs larger than 1MiB. * Fix minor memory leak affecting openapi users at process termination. * Fix batch jobs not resolving the username when nss_slurm is enabled. * slurmrestd - Avoid slurmrestd ignoring invalid HTTP method if the response serialized without error. * openapi/dbv0.0.37 - Correct conditional that caused the diag output to give an internal server error status on success. * Make --mem-bind=sort work with task_affinity * Fix sacctmgr to set MaxJobsAccruePer{User|Account} and MinPrioThres in sacctmgr add qos, modify already worked correctly. * job_container/tmpfs - avoid printing extraneous error messages in Prolog and Epilog, and when the job completes. * Fix step CPU memory allocation with --threads-per-core without --exact. * Remove implicit --exact when --threads-per-core or --hint=nomultithread is used. * Do not allow a step to request more threads per core than the allocation did. * Remove implicit --exact when --cpus-per-task is used. - update to 21.08.5 with following changes: * Fix issue where typeless GRES node updates were not immediately reflected. * Fix setting the default scrontab job working directory so that it's the home of the different user (*u ) and not that of root or SlurmUser editor. * Fix stepd not respecting SlurmdSyslogDebug. * Fix concurrency issue with squeue. * Fix job start time not being reset after launch when job is packed onto already booting node. * Fix updating SLURM_NODE_ALIASES for jobs packed onto powering up nodes. * Cray - Fix issues with starting hetjobs. * auth/jwks - Print fatal() message when jwks is configured but file could not be opened. * If sacctmgr has an association with an unknown qos as the default qos print 'UNKN*###' instead of leaving a blank name. * Correctly determine task count when giving --cpus-per-gpu, --gpus and *-ntasks-per-node without task count. * slurmctld - Fix places where the global last_job_update was not being set to the time of update when a job's reason and description were updated. * slurmctld - Fix case where a job submitted with more than one partition would not have its reason updated while waiting to start. * Fix memory leak in node feature rebooting. * Fix time limit permanetly set to 1 minute by backfill for job array tasks higher than the first with QOS NoReserve flag and PreemptMode configured. * Fix sacct -N to show jobs that started in the current second * Fix issue on running steps where both SLURM_NTASKS_PER_TRES and SLURM_NTASKS_PER_GPU are set. * Handle oversubscription request correctly when also requesting *-ntasks-per-tres. * Correctly detect when a step requests bad gres inside an allocation. * slurmstepd - Correct possible deadlock when UnkillableStepTimeout triggers. * srun - use maximum number of open files while handling job I/O. * Fix writing to Xauthority files on root_squash NFS exports, which was preventing X11 forwarding from completing setup. * Fix regression in 21.08.0rc1 that broke --gres=none. * Fix srun --cpus-per-task and --threads-per-core not implicitly setting *-exact. It was meant to work this way in 21.08. * Fix regression in 21.08.0 that broke dynamic future nodes. * Fix dynamic future nodes remembering active state on restart. * Fix powered down nodes getting stuck in COMPLETING+POWERED_DOWN when job is cancelled before nodes are powering up. updated to 21.08.4 which fixes (CVE-2021-43337) which is only present in 21.08 tree. * CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.) changes from 21.08.3: * This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality. - Utilize sysuser infrastructure to set user/group slurm. For munge authentication slurm should have a fixed UID across all nodes including the management server. Set it to 120 - Limit firewalld service definitions to SUSE versions >= 15. - added service definitions for firewalld (JSC#SLE-22741) update to 21.08.2 - major change: * removed of support of the TaskAffinity=yes option in cgroup.conf. Please consider using 'TaskPlugins=cgroup,affinity' in slurm.conf as an option. - minor changes and bugfixes: * slurmctld - fix how the max number of cores on a node in a partition are calculated when the partition contains multi*socket nodes. This in turn corrects certain jobs node count estimations displayed client*side. * job_submit/cray_aries - fix 'craynetwork' GRES specification after changes introduced in 21.08.0rc1 that made TRES always have a type prefix. * Ignore nonsensical check in the slurmd for [Pro|Epi]logSlurmctld. * Fix writing to stderr/syslog when systemd runs slurmctld in the foreground. * Fix issue with updating job started with node range. * Fix issue with nodes not clearing state in the database when the slurmctld is started with clean*start. * Fix hetjob components > 1 timing out due to InactiveLimit. * Fix sprio printing -nan for normalized association priority if PriorityWeightAssoc was not defined. * Disallow FirstJobId=0. * Preserve job start info in the database for a requeued job that hadn't registered the first time in the database yet. * Only send one message on prolog failure from the slurmd. * Remove support for TaskAffinity=yes in cgroup.conf. * accounting_storage/mysql - fix issue where querying jobs via sacct *-whole-hetjob=yes or slurmrestd (which automatically includes this flag) could in some cases return more records than expected. * Fix issue for preemption of job array task that makes afterok dependency fail. Additionally, send emails when requeueing happens due to preemption. * Fix sending requeue mail type. * Properly resize a job's GRES bitmaps and counts when resizing the job. * Fix node being able to transition to CLOUD state from non-cloud state. * Fix regression introduced in 21.08.0rc1 which broke a step's ability to inherit GRES from the job when the step didn't request GRES but the job did. * Fix errors in logic when picking nodes based on bracketed anded constraints. This also enforces the requirement to have a count when using such constraints. * Handle job resize better in the database. * Exclude currently running, resized jobs from the runaway jobs list. * Make it possible to shrink a job more than once. - moved pam module from /lib64 to /usr/lib64 which fixes bsc#1191095 via the macro %_pam_moduledir updated to 21.08.1 with following bug fixes: * Fix potential memory leak if a problem happens while allocating GRES for a job. * If an overallocation of GRES happens terminate the creation of a job. * AutoDetect=nvml: Fatal if no devices found in MIG mode. * Print federation and cluster sacctmgr error messages to stderr. * Fix off by one error in --gpu-bind=mask_gpu. * Add --gpu-bind=none to disable gpu binding when using --gpus-per-task. * Handle the burst buffer state 'alloc-revoke' which previously would not display in the job correctly. * Fix issue in the slurmstepd SPANK prolog/epilog handler where configuration values were used before being initialized. * Restore a step's ability to utilize all of an allocations memory if --mem=0. * Fix --cpu-bind=verbose garbage taskid. * Fix cgroup task affinity issues from garbage taskid info. * Make gres_job_state_validate() client logging behavior as before 44466a4641. * Fix steps with --hint overriding an allocation with --threads-per-core. * Require requesting a GPU if --mem-per-gpu is requested. * Return error early if a job is requesting --ntasks-per-gpu and no gpus or task count. * Properly clear out pending step if unavailable to run with available resources. * Kill all processes spawned by burst_buffer.lua including decendents. * openapi/v0.0.{35,36,37} - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.{35,36,37} - Clear user hold on job update if hold=false. * Prevent CRON_JOB flag from being cleared when loading job state. * sacctmgr - Fix deleting WCKeys when not specifying a cluster. * Fix getting memory for a step when the first node in the step isn't the first node in the allocation. * Make SelectTypeParameters=CR_Core_Memory default for cons_tres and cons_res. * Correctly handle mutex unlocks in the gres code if failures happen. * Give better error message if -m plane is given with no size. * Fix --distribution=arbitrary for salloc. * Fix jobcomp/script regression introduced in 21.08.0rc1 0c75b9ac9d. * Only send the batch node in the step_hostlist in the job credential. * When setting affinity for the batch step don't assume the batch host is node 0. * In task/affinity better checking for node existence when laying out affinity. * slurmrestd - fix job submission with auth/jwt. - Make configure arg '--with-pmix' conditional. - Move openapi plugins to package slurm-restd. updated to 21.08.0, major changes: * A new 'AccountingStoreFlags=job_script' option to store the job scripts directly in SlurmDBD. * Added 'sacct -o SubmitLine' format option to get the submit line of a job/step. * Changes to the node state management so that nodes are marked as PLANNED instead of IDLE if the scheduler is still accumulating resources while waiting to launch a job on them. * RS256 token support in auth/jwt. * Overhaul of the cgroup subsystems to simplify operation, mitigate a number of inherent race conditions, and prepare for future cgroup v2 support. * Further improvements to cloud node power state management. * A new child process of the Slurm controller called 'slurmscriptd' responsible for executing PrologSlurmctld and EpilogSlurmctld scripts, which significantly reduces performance issues associated with enabling those options. * A new burst_buffer/lua plugin allowing for site-specific asynchronous job data management. * Fixes to the job_container/tmpfs plugin to allow the slurmd process to be restarted while the job is running without issue. * Added json/yaml output to sacct, squeue, and sinfo commands. * Added a new node_features/helpers plugin to provide a generic way to change settings on a compute node across a reboot. * Added support for automatically detecting and broadcasting shared libraries for an executable launched with 'srun --bcast'. * Added initial OCI container execution support with a new --container option to sbatch and srun. * Improved 'configless' support by allowing multiple control servers to be specified through the slurmd --conf-server option, and send additional configuration files at startup including cli_filter.lua. Changes in pdsh: - Preparing pdsh for Slurm 22.05. * No later version of Slurm builds on 32 bit. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4365-1 Released: Thu Dec 8 16:14:30 2022 Summary: Recommended update for powerman Type: recommended Severity: moderate References: This update of powerman fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4367-1 Released: Thu Dec 8 16:56:07 2022 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: critical References: 1191880,1195924,1195925,1203382,1205089,1206082 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924) - Implement functionality to detect if an update server has a new cert. Import the new cert when it is detected. - From 10.0.6 (bsc#1205089) - Credentials are equal when username and password are the same ignore other entries in the credentials file - Handle multiple zypper names in process table, zypper and Zypp-main to properly detect the running process - Require dmidecode only on supported archs (bsc#1206082) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4370-1 Released: Thu Dec 8 17:19:14 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1191833,1205275 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4371-1 Released: Thu Dec 8 17:19:43 2022 Summary: Security update for busybox Type: security Severity: moderate References: 1199744,914660,CVE-2014-9645,CVE-2022-30065 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4375-1 Released: Thu Dec 8 17:40:32 2022 Summary: Recommended update for pam_saslauthd Type: recommended Severity: moderate References: This update for pam_saslauthd fixes the following issues: Initial shipment of version 0.1.0~1. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4378-1 Released: Thu Dec 8 18:34:03 2022 Summary: Security update for rabbitmq-server Type: security Severity: moderate References: 1205267,CVE-2022-31008 This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption (bsc#1205267). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4380-1 Released: Fri Dec 9 03:58:17 2022 Summary: Feature update for ipset Type: feature Severity: important References: 1116432,1122853 This update for ipset fixes the following issues: Version update from 6.36 to 7.15 (jsc#PED-2086): - Update needed to match kernel protocol version - Fix bug with 'ipset save -file ' that wrongly produced empty files (bsc#1116432) - A new internal protocol version between the kernel and userspace is used. This is required in order to support two new functions and the extendend LIST operation, which makes possible to run ipset in every case entirely over netlink without the need to use getsockopt() - Allow specifying protocols by number - Enable memory accounting for ipset allocations - Fix argument parsing buffer overflow in ipset_parse_argv - Fix parsing the service names for ports - Fix memory accounting for hash types on resize - Fix rename concurrency with listing, which can result broken list/save results - Fix to list/save into file specified by option - Implement sorting for hash types in the ipset tool - Limit the maximum range of consecutive elements to add/delete - Support the '-exist' flag with the destroy command - For the full list of changes please consult the changelog at https://ipset.netfilter.org/changelog.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4382-1 Released: Fri Dec 9 04:00:36 2022 Summary: Recommended update for libnvme Type: recommended Severity: important References: 1200089,1203163,1203204,1205019 This update for libnvme fixes the following issues: libnvme: - Fix 'connect-all' failures when handling JSON configuration file (bsc#1205019) nvme-cli: - Honor JSON config file in 'connect-all' command (bsc#1203204 bsc#1203163) - Add 'show-topology' command (bsc#1200089) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4384-1 Released: Fri Dec 9 04:02:25 2022 Summary: Recommended update for migrate-sles-to-sles4sap Type: recommended Severity: moderate References: 1205281 This update for migrate-sles-to-sles4sap fixes the following issues: - Add missing required package dependencies to wget, coreutils, openssl and SUSE Connect (bsc#1205281) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4385-1 Released: Fri Dec 9 04:03:31 2022 Summary: Recommended update for clone-master-clean-up Type: recommended Severity: moderate References: 1203024,1204835 This update for clone-master-clean-up fixes the following issues: Version update from 1.8 to 1.10: - Fix failure if postfix is not installed by adding a check for the directory's existance (bsc#1204835) - Clean up initiatorname.iscsi (bsc#1203024) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4387-1 Released: Fri Dec 9 04:05:27 2022 Summary: Recommended update for libteam Type: recommended Severity: moderate References: 1200505 This update for libteam fixes the following issues: - Set ports priority to local and kernel configurations (bsc#1200505) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4396-1 Released: Fri Dec 9 14:39:07 2022 Summary: Recommended update for frr Type: recommended Severity: moderate References: This update of frr fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4397-1 Released: Fri Dec 9 15:59:23 2022 Summary: Security update for go1.19 Type: security Severity: moderate References: 1200441,1206134,1206135,CVE-2022-41717,CVE-2022-41720 This update for go1.19 fixes the following issues: Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4398-1 Released: Fri Dec 9 15:59:41 2022 Summary: Security update for go1.18 Type: security Severity: moderate References: 1193742,1206134,1206135,CVE-2022-41717,CVE-2022-41720 This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135) - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4404-1 Released: Mon Dec 12 09:04:37 2022 Summary: Recommended update for libpulp Type: recommended Severity: moderate References: 1200129,1200316 This update for libpulp fixes the following issues: - Fix ulp tool not patching on highly stressed environments. The reason behind it is that a 10s timeout was not enough depending of how stressed the machine is (bsc#1200316) - Fix HANA testcase failures (bsc#1200129) - Add support for searching for patches recursively so that to include subdirectories - Improve the process patching performance. This is achieved by reducing ptrace calls and switching to 'process_vm_readv/writev' when possible, and moving process discovery to a different thread. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4411-1 Released: Tue Dec 13 04:21:08 2022 Summary: Security update for tiff Type: security Severity: important References: 1204642,1205422,CVE-2022-3570,CVE-2022-3598 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4413-1 Released: Tue Dec 13 08:04:34 2022 Summary: Recommended update for resource-agents Type: recommended Severity: moderate References: This update for resource-agents fixes the following issue: - Pacemaker should provide a dynamic option to specify a logfile. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4420-1 Released: Tue Dec 13 08:25:30 2022 Summary: Recommended update for salt Type: recommended Severity: moderate References: 1203685,1203834,1203886 This update for salt fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4422-1 Released: Tue Dec 13 08:26:22 2022 Summary: Recommended update for SUSE Manager 4.3.3 Release Notes Type: recommended Severity: moderate References: 1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470 This update for SUSE Manager 4.3.3 Release Notes provides the following additions: Release Notes for SUSE Manager: - Revision 4.3.3 - Bugs mentioned: bsc#1200169, bsc#1200296, bsc#1201476, bsc#1201606, bsc#1201607 bsc#1201788, bsc#1201893, bsc#1202093, bsc#1202217, bsc#1202785 bsc#1203283, bsc#1203451, bsc#1203532, bsc#1203580, bsc#1203588 bsc#1203599, bsc#1203611, bsc#1203633, bsc#1203685, bsc#1203698 bsc#1203884, bsc#1204029, bsc#1204061, bsc#1204195, bsc#1204437 bsc#1204444, bsc#1204517, bsc#1204519, bsc#1204541, bsc#1204651 bsc#1204699, bsc#1205212, bsc#1205339, bsc#1205470 Release Notes for SUSE Manager Proxy: - Revision 4.3.3 - Bugs mentioned: bsc#1201893, bsc#1203283, bsc#1204517, bsc#1205212, bsc#1205339 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4437-1 Released: Tue Dec 13 08:33:20 2022 Summary: Security update for SUSE Manager Client Tools Type: security Severity: important References: 1188571,1189520,1192383,1192763,1193492,1193686,1199810,1201535,1201539,1202945,1203283,1203596,1203597,1203599,CVE-2021-36222,CVE-2021-3711,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-29170,CVE-2022-31097,CVE-2022-31107,CVE-2022-35957,CVE-2022-36062 This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1665997480.587fa10 * Add dependencies on xz and gzip to support compressed images golang-github-boynux-squid_exporter: - Exclude s390 architecture - Enhanced to build on Enterprise Linux 8. grafana: - Version update from 8.3.10 to 8.5.13 (jsc#PED-2145) - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings prometheus-blackbox_exporter: - Add requirement for go1.18 (bsc#1203599) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove 'Undefined return code' from debug messages (bsc#1203283) spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings uyuni-proxy-systemd-services: - Version 4.3.7-1 * Expose /etc/sysconfig/proxy variables to container services (bsc#1202945) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4447-1 Released: Tue Dec 13 10:13:56 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1205300 This update for postgresql13 fixes the following issues: postgresql13 was updated to 13.9: (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/13/release-13-9.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4452-1 Released: Tue Dec 13 11:35:26 2022 Summary: Security update for java-1_8_0-openjdk Type: security Severity: moderate References: 1204471,1204472,1204473,1204475,CVE-2022-21619,CVE-2022-21624,CVE-2022-21626,CVE-2022-21628 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4453-1 Released: Tue Dec 13 11:38:38 2022 Summary: Security update for wireshark Type: security Severity: important References: 1204822,1206189,1206190,CVE-2022-3725 This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash (bsc#1204822). - Multiple dissector infinite loops (bsc#1206189). - Kafka dissector memory exhaustion (bsc#1206190). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4455-1 Released: Tue Dec 13 11:53:31 2022 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: 1205974 This update for 389-ds fixes the following issues: - support pam_saslauthd for authentication pass through requirements. (jsc#PED-2701 bsc#1205974) Update to version 2.0.17~git7.959d36e: * RFE - split pass through auth cli * BUG - Pam PTA multiple issues * Increase default task TTL Update to version 2.0.17~git4.9447f5f: * Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) * Make logger's parameter name unified (#5540) * Bump VERSION.sh to 2.0.17 * Fix a rebase typo (#5537) * Bump version ot 2.0.17 * Add copyright text to the repository files * Make db compaction TOD day more robust. * UI - Fix npm vulnerability in loader-utils * UI - fix audit issue with npm loader-utils (#5514) * Fix dsctl tls ca-certfiicate add-cert arg requirement * RFE - CLI allow adding CA certificate bundles * memberof is slow on update/fixup if there are several 'groupattr' (#5455) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4457-1 Released: Tue Dec 13 13:10:48 2022 Summary: Security update for libtpms Type: security Severity: moderate References: 1187767,1204556,CVE-2021-3623 This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4462-1 Released: Tue Dec 13 17:00:38 2022 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1206242,CVE-2022-46872,CVE-2022-46874,CVE-2022-46875,CVE-2022-46878,CVE-2022-46880,CVE-2022-46881,CVE-2022-46882 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4464-1 Released: Wed Dec 14 05:56:21 2022 Summary: feature update for YaST Type: feature Severity: important References: 1204180,1205918 This update for YaST fixes the following issues: autoyast2: - Add needed packages for kdump if the product enables kdump by default (bsc#1204180) - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) skelcd-control-leanos: - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-installation: - Fixed the help in the installation summary (jsc#SLE-25087, jsc#SLE-24764) - Write configuration for ssg-apply script according to the enabled security policy (jsc#SLE-25087, jsc#SLE-24764) yast2-schema-default: - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-security: - Fixed wrong steps count causing a crash during saving (bsc#1205918) - Disable the ssg-apply service if the selected SCAP action is 'do nothing' (jsc#SLE-25087, jsc#SLE-24764) - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-storage-ng: - Validate security policies in both guided proposal and partitioner (jsc#SLE-25087, jsc#SLE-24764) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4465-1 Released: Wed Dec 14 05:58:28 2022 Summary: Recommended update for motif Type: recommended Severity: important References: 1205253 This update for motif fixes the following issues: - Fix to prevent third party application crash (bsc#1205253) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4466-1 Released: Wed Dec 14 05:59:27 2022 Summary: Recommended update for python-kiwi Type: recommended Severity: moderate References: 1203896 This update for python-kiwi fixes the following issues: Version update from 9.24.36 to 9.24.43: - Add example aarch64 integration test for Ubuntu - Add option '--target-arch' for image info to allow cross architecture dependency solving - Add support for group id in users setting - Fix error handling for setfiles policy lookup and ensure the path to run scandir is properly created - Fix handling of signing_keys in cmdline options - Fix helper method to detect dracut outfile format - Fix 'kexec' options setup in kiwi-dump-reboot - Fix issues with the setfiles SELinux relabel command - Prefer file based syscall in kexec when possible, needed to support boot on a secure boot enabled system (bsc#1203896) - Setup SELinux on every system prepare / build ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4467-1 Released: Wed Dec 14 06:00:36 2022 Summary: Recommended update for python-parallax Type: recommended Severity: important References: 1205116 This update for python-parallax fixes the following issues: - Fix parallax file descriptor leakage (bsc#1205116) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4472-1 Released: Wed Dec 14 06:08:43 2022 Summary: Recommended update for pesign Type: recommended Severity: moderate References: 1205323 This update for pesign fixes the following issues: - Fix OID array indices (bsc#1205323) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4474-1 Released: Wed Dec 14 07:45:26 2022 Summary: Recommended update for python-paramiko Type: recommended Severity: moderate References: 1205132 This update for python-paramiko fixes the following issues: - Fix loading of RSA key (bsc#1205132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4476-1 Released: Wed Dec 14 10:48:21 2022 Summary: Maintenance update for SUSE Manager 4.3: Server Type: recommended Severity: important References: Maintenance update for SUSE Manager 4.3: Server: This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4478-1 Released: Wed Dec 14 11:59:24 2022 Summary: Security update for capnproto Type: security Severity: moderate References: 1205968,CVE-2022-46149 This update for capnproto fixes the following issues: - CVE-2022-46149: Fixed out of bounds read when handling a list of lists (bsc#1205968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4479-1 Released: Wed Dec 14 12:41:39 2022 Summary: Security update for xorg-x11-server Type: security Severity: important References: 1205874,1205875,1205876,1205877,1205878,1205879,1206017,CVE-2022-4283,CVE-2022-46340,CVE-2022-46341,CVE-2022-46342,CVE-2022-46343,CVE-2022-46344 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4480-1 Released: Wed Dec 14 12:42:46 2022 Summary: Security update for xorg-x11-server Type: security Severity: important References: 1205874,1205875,1205876,1205877,1205878,1205879,1206017,CVE-2022-4283,CVE-2022-46340,CVE-2022-46341,CVE-2022-46342,CVE-2022-46343,CVE-2022-46344 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4487-1 Released: Wed Dec 14 12:46:08 2022 Summary: Security update for xwayland Type: security Severity: important References: 1205874,1205875,1205876,1205877,1205878,1205879,1206017,CVE-2022-4283,CVE-2022-46340,CVE-2022-46341,CVE-2022-46342,CVE-2022-46343,CVE-2022-46344 This update for xwayland fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4488-1 Released: Wed Dec 14 13:22:53 2022 Summary: Security update for apache2-mod_wsgi Type: security Severity: moderate References: 1201634,CVE-2022-2255 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4489-1 Released: Wed Dec 14 13:28:22 2022 Summary: Recommended update for keepalived Type: recommended Severity: moderate References: This update of keepalived fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). - rebuild against the new libipset (jsc#PED-2086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4491-1 Released: Wed Dec 14 13:31:51 2022 Summary: Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme Type: recommended Severity: important References: 1111657,1144506,1148184,1186870,1199282 This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) python-cffi: - Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates - Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657) python-Django: - New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-hypothesis: - Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. * Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the mdefault min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you’re not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0 python-packaging: - Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. * Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post`` and `Version.dev` * Use typing alias `UnparsedVersion`` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. python-semver: - New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-sphinx_rtd_theme: - Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4502-1 Released: Fri Dec 16 08:53:52 2022 Summary: Recommended update for rekor Type: recommended Severity: moderate References: This update for rekor fixes the following issues: Rekor was updated to 1.0.1 (jsc#SLE-23476): - stop inserting envelope hash for intoto:0.0.2 types into index - build with FIPSified go1.18. updated to rekor 1.0.0 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching - verify: verify checkpoint's STH against the inclusion proof root hash - add ability to enable/disable specific rekor API endpoints - enable configurable client retries with backoff in RekorClient - remove dead code around api-key and timestamp references - update swagger API version to 1.0.0 - remove unused RekorVersion API definition - install gocovmerge in hack/tools - add retry command line flag on rekor-cli - Add some info and debug logging to commonly used funcs updated to rekor 0.12.2 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching by hash updated to rekor 0.12.1 (jsc#SLE-23476): - ** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version The addition of the intotov2 created a breaking change for the rekor-cli - What's Changed - fix: fix harness tests with intoto v0.0.2 - feat: add file based signer and password - Adds new rekor metrics for latency and QPS. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4504-1 Released: Fri Dec 16 13:28:48 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1204631,1204636,1204693,1204810,1204850,1205007,1205100,1205111,1205128,1205130,1205149,1205153,1205220,1205331,1205428,1205473,1205514,1205617,1205653,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206046,1206047,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,1206273,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934 The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-41850: Fixed a use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - Revert 'net: phy: meson-gxl: improve link-up behavior' (git-fixes). - Revert 'tty: n_gsm: avoid call of sleeping functions from atomic context' (git-fixes). - Revert 'tty: n_gsm: replace kicktimer with delayed_work' (git-fixes). - Revert 'usb: dwc3: disable USB core PHY management' (git-fixes). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4518-1 Released: Fri Dec 16 23:05:54 2022 Summary: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Type: security Severity: important References: 1203606,1204424,1204576,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945 This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4519-1 Released: Fri Dec 16 23:34:09 2022 Summary: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Type: security Severity: important References: 1203606,1204424,1204576,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945 This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4542-1 Released: Sat Dec 17 20:34:05 2022 Summary: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Type: security Severity: important References: 1196959,1205130,1205815,1206228,CVE-2021-39698,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945 This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2021-39698: Fixed a use-after-free in aio_poll_complete_work of aio.c (bsc#1196956). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4559-1 Released: Mon Dec 19 13:06:17 2022 Summary: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Type: security Severity: important References: 1203606,1204424,1204576,1204624,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-3640,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945 This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4560-1 Released: Mon Dec 19 13:06:24 2022 Summary: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4) Type: security Severity: important References: 1204424,1204576,1204624,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3586,CVE-2022-3640,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945 This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4565-1 Released: Mon Dec 19 13:34:57 2022 Summary: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Type: security Severity: important References: 1203606,1204424,1204486,1204576,1205130,1205815,1206228,CVE-2022-3545,CVE-2022-3577,CVE-2022-3586,CVE-2022-41218,CVE-2022-4139,CVE-2022-4378,CVE-2022-43945 This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4568-1 Released: Mon Dec 19 14:13:24 2022 Summary: Recommended update for OpenIPMI Type: recommended Severity: moderate References: This update of OpenIPMI fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4579-1 Released: Tue Dec 20 08:33:09 2022 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1206242,CVE-2022-46872,CVE-2022-46874,CVE-2022-46875,CVE-2022-46878,CVE-2022-46880,CVE-2022-46881,CVE-2022-46882 This update for MozillaThunderbird fixes the following issues: Update to version 102.6 (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4584-1 Released: Tue Dec 20 12:42:21 2022 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: critical References: 1206428 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.8 (bsc#1206428) - Fix regression introduced by 10.0.7. When the hosts file was modified such that there is no empty line at the end of the file the content after removing the registration data does not match the content prior to registration. The update fixes the issue triggered by an index logic error. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4585-1 Released: Tue Dec 20 12:52:24 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1203391,1203511,1203960,1204228,1204405,1204414,1204631,1204636,1204693,1204780,1204810,1204850,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205264,1205282,1205331,1205332,1205427,1205428,1205473,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4586-1 Released: Tue Dec 20 13:32:11 2022 Summary: Security update for openssl-3 Type: security Severity: important References: 1206374,CVE-2022-3786,CVE-2022-3996 This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking (bsc#1206374) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4590-1 Released: Tue Dec 20 15:08:51 2022 Summary: Recommended update for openscap Type: recommended Severity: moderate References: 1197599,1203408 This update for openscap fixes the following issues: Added openSUSE Leap 15.4 and 15.5 dictionary entries. (bsc#1203408 bsc#1197599) openscap was updated to 1.3.6 * New features - Select and exclude groups of rules on the command line - The boot-time remediation service for systemd's Offline Update mode - Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable - Allow disablement of SHA-1 and MD5 - Allow providing pre-downloaded components - Introduce OSBuild Blueprint fix type * Maintenance, bug fixes - Fix coverity issues - Patch the `segfault` in dpkginfo_fini() - Add an alternative source of hostname - Fail download on HTTP errors - Compile 'environmentvariable_probe' on Windows - FreeBSD build and test fixes - Add offline mode for password probe - Initialize crypto API only once - Fix UBI 9 scan - oval/yamlfilecontent: Add 'null' values handling - Do not set Rpath - Do not split `XCCDF:requires` with multiple `idrefs` - Allow empty /proc in offline mode - oscap-remediate is shipped via /usr/bin. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4592-1 Released: Tue Dec 20 16:51:35 2022 Summary: Security update for cni Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4593-1 Released: Tue Dec 20 16:55:16 2022 Summary: Security update for cni-plugins Type: security Severity: important References: 1181961,CVE-2021-20206 This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4606-1 Released: Thu Dec 22 09:32:03 2022 Summary: Security update for helm Type: security Severity: moderate References: 1181419,1206467,1206469,1206471,CVE-2021-21272,CVE-2022-1996,CVE-2022-23524,CVE-2022-23525,CVE-2022-23526 This update for helm fixes the following issues: Update to version 3.10.3: - CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467). - CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469). - CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4623-1 Released: Tue Dec 27 08:44:28 2022 Summary: Recommended update for rust, rust1.66 Type: recommended Severity: moderate References: This update for rust, rust1.66 fixes the following issues: This update ships rust 1.66. Version 1.66.0 (2022-12-15) ========================== Language -------- - Permit specifying explicit discriminants on all `repr(Int)` enums ```rust #[repr(u8)] enum Foo { A(u8) = 0, B(i8) = 1, C(bool) = 42, } ``` - Allow transmutes between the same type differing only in lifetimes - Change constant evaluation errors from a deny-by-default lint to a hard error - Trigger `must_use` on `impl Trait` for supertraits This makes `impl ExactSizeIterator` respect the existing `#[must_use]` annotation on `Iterator`. - Allow `..X` and `..=X` in patterns - Uplift `clippy::for_loops_over_fallibles` lint into rustc - Stabilize `sym` operands in inline assembly - Update to Unicode 15 - Opaque types no longer imply lifetime bounds This is a soundness fix which may break code that was erroneously relying on this behavior. Compiler -------- - Add armv5te-none-eabi and thumbv5te-none-eabi tier 3 targets - Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. - Add support for linking against macOS universal libraries Libraries --------- - Fix `#[derive(Default)]` on a generic `#[default]` enum adding unnecessary `Default` bounds - Update to Unicode 15 Stabilized APIs --------------- - `proc_macro::Span::source_text`](https://doc.rust-lang.org/stable/proc_macro/struct.Span.html#method.source_text) - `uX::{checked_add_signed, overflowing_add_signed, saturating_add_signed, wrapping_add_signed}`](https://doc.rust-lang.org/stable/std/primitive.u8.html#method.checked_add_signed) - `iX::{checked_add_unsigned, overflowing_add_unsigned, saturating_add_unsigned, wrapping_add_unsigned}`](https://doc.rust-lang.org/stable/std/primitive.i8.html#method.checked_add_unsigned) - `iX::{checked_sub_unsigned, overflowing_sub_unsigned, saturating_sub_unsigned, wrapping_sub_unsigned}`](https://doc.rust-lang.org/stable/std/primitive.i8.html#method.checked_sub_unsigned) - `BTreeSet::{first, last, pop_first, pop_last}`](https://doc.rust-lang.org/stable/std/collections/struct.BTreeSet.html#method.first) - `BTreeMap::{first_key_value, last_key_value, first_entry, last_entry, pop_first, pop_last}`](https://doc.rust-lang.org/stable/std/collections/struct.BTreeMap.html#method.first_key_value) - Add `AsFd` implementations for stdio lock types on WASI. - `impl TryFrom> for Box<[T; N]>`](https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#impl-TryFrom%3CVec%3CT%2C%20Global%3E%3E-for-Box%3C%5BT%3B%20N%5D%2C%20Global%3E) - `core::hint::black_box`](https://doc.rust-lang.org/stable/std/hint/fn.black_box.html) - `Duration::try_from_secs_{f32,f64}`](https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.try_from_secs_f32) - `Option::unzip`](https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.unzip) - `std::os::fd`](https://doc.rust-lang.org/stable/std/os/fd/index.html) Rustdoc ------- - Add Rustdoc warning for invalid HTML tags in the documentation Cargo ----- - Added `cargo remove` to remove dependencies from Cargo.toml](https://doc.rust-lang.org/nightly/cargo/commands/cargo-remove.html) - `cargo publish` now waits for the new version to be downloadable before exiting See [detailed release notes] for more. Compatibility Notes ------------------- - Only apply `ProceduralMasquerade` hack to older versions of `rental`] - Don't export `__heap_base` and `__data_end` on wasm32-wasi.] - Don't export `__wasm_init_memory` on WebAssembly.] - Only export `__tls_*` on wasm32-unknown-unknown.] - Don't link to `libresolv` in libstd on Darwin] - Update libstd's libc to 0.2.135 (to make `libstd` no longer pull in `libiconv.dylib` on Darwin)] - Opaque types no longer imply lifetime bounds] This is a soundness fix which may break code that was erroneously relying on this behavior. - Make `order_dependent_trait_objects` show up in future-breakage reports] - Change std::process::Command spawning to default to inheriting the parent's signal mask] Changes in rust: - Update to version 1.66.0 - for details see the rust1.66 package ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4626-1 Released: Tue Dec 27 13:05:35 2022 Summary: Security update for freeradius-server Type: security Severity: important References: 1206204,1206205,1206206,CVE-2022-41859,CVE-2022-41860,CVE-2022-41861 This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4632-1 Released: Wed Dec 28 09:31:41 2022 Summary: Recommended update for lifecycle-data-sle-module-live-patching Type: recommended Severity: moderate References: 1020320 This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150000_150_101, 4_12_14-150000_150_104, 4_12_14-150100_197_123, 4_12_14-150100_197_126, 5_14_21-150400_24_21, 5_14_21-150400_24_28, 5_3_18-150200_24_129, 5_3_18-150200_24_134, 5_3_18-150300_59_93, 5_3_18-150300_59_98. (bsc#1020320) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4634-1 Released: Thu Dec 29 10:05:17 2022 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1206474,CVE-2022-42856 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4635-1 Released: Thu Dec 29 12:31:19 2022 Summary: Security update for conmon Type: security Severity: moderate References: 1200285,CVE-2022-1708 This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4636-1 Released: Thu Dec 29 14:02:23 2022 Summary: Security update for MozillaThunderbird Type: security Severity: moderate References: 1206653,CVE-2022-46874 This update for MozillaThunderbird fixes the following issues: Update to version 102.6.1 * fixed: Remote content did not load in user-defined signatures * fixed: Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall * fixed: Various stability improvements * CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions (bsc#1206653) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4639-1 Released: Fri Dec 30 09:31:14 2022 Summary: Security update for polkit-default-privs Type: security Severity: low References: 1206414 This update for polkit-default-privs fixes the following issues: Update to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4640-1 Released: Fri Dec 30 11:30:23 2022 Summary: Recommended update for drbd-utils Type: recommended Severity: low References: 1204276 This update for drbd-utils fixes the following issue: - Remove crm-fence-peer.sh for drbd8 to avoid confusion with v9 (bsc#1204276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4645-1 Released: Sat Dec 31 16:04:44 2022 Summary: Security update for postgresql14, postgresql15 Type: recommended Severity: moderate References: 1205300 This update for postgresql14, postgresql15 fixes the following issues: postgresql15 is shipped in version 15.1. * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/15/release-15-1.html Update to 15.0: * https://www.postgresql.org/about/news/p-2526/ * https://www.postgresql.org/docs/15/release-15.html postgresql14 was updated to 14.6. (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/14/release-14-6.html The libpq5 and libecpg6 libraries are now provided by postgresql15. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2-1 Released: Mon Jan 2 08:59:40 2023 Summary: Security update for sbd Type: security Severity: moderate References: 1180966,1181400,1185182,1204319 This update for sbd fixes the following issues: Update to version 1.5.1+20221128.8ec8e01: - sbd-inquisitor: fail startup if pacemaker integration is disabled while SBD_SYNC_RESOURCE_STARTUP is conflicting (bsc#1204319) - sbd-inquisitor: do not warn about startup syncing if pacemaker integration is even intentionally disabled (bsc#1204319) - sbd-inquisitor: log a warning if SBD_PACEMAKER is overridden by -P or -PP option (bsc#1204319) - sbd-inquisitor: ensure a log info only tells the fact about how SBD_PACEMAKER is set (bsc#1204319) - Added hardened to systemd service(s) (bsc#1181400). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:6-1 Released: Mon Jan 2 11:39:18 2023 Summary: Security update for nautilus Type: security Severity: moderate References: 1205418,CVE-2022-37290 This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:7-1 Released: Mon Jan 2 11:39:38 2023 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1206442,CVE-2022-3109 This update for ffmpeg fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:8-1 Released: Mon Jan 2 11:40:05 2023 Summary: Security update for ffmpeg-4 Type: security Severity: moderate References: 1206442,CVE-2022-3109 This update for ffmpeg-4 fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:9-1 Released: Mon Jan 2 11:42:16 2023 Summary: Security update for saphanabootstrap-formula Type: security Severity: important References: 1185643,1205990,CVE-2022-45153 This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 * revert changes to spec file to re-enable SLES RPM builds * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990) - Version bump 0.13.0 * pass sid to sudoers in a SLES12 compatible way * add location constraint to gcp_stonith - Version bump 0.12.1 * moved templates dir into hana dir in repository to be gitfs compatible - Version bump 0.12.0 * add SAPHanaSR takeover blocker - Version bump 0.11.0 * use check_cmd instead of tmp sudoers file * make sudoers rules more secure * migrate sudoers to template file - Version bump 0.10.1 * fix hook removal conditions * fix majority_maker code on case grain is empty - Version bump 0.10.0 * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS) * do not edit global.ini directly (if not needed) - Version bump 0.9.1 * fix majority_maker code on case grain is empty - Version bump 0.9.0 * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas) - Version bump 0.8.1 * use multi-target Hook on HANA scale-out - Version bump 0.8.0 * add HANA scale-out support * add idempotence to not affect a running HANA and cluster - Version bump 0.7.2 * add native fencing for microsoft-azure - fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703 - removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory - fixes execution order of srTakeover/srCostOptMemConfig hook - renames and updates hook srTakeover to srCostOptMemConfig - Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB. - Document extra_parameters in pillar.example (bsc#1185643) - Change hanadb_exporter default timeout value to 30 seconds - Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:16-1 Released: Tue Jan 3 11:01:45 2023 Summary: Recommended update for qemu Type: recommended Severity: moderate References: 1202364 This update for qemu fixes the following issues: - Fix for qemu for broken emulation in SLES15 SP3. (bsc#1202364) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:18-1 Released: Tue Jan 3 12:22:32 2023 Summary: Recommended update for libnvme, nvme-cli, nvme-stas Type: recommended Severity: important References: 1204975,1205657,1205873 This update for libnvme, nvme-cli and nvme-stas fixes the following issues: libnvme, nvme-cli: - Fix 'persistent' handling during connect-all with JSON file (bsc#1205657) nvme-stas: - Avahi: Handle upper/lower case 'NQN/nqn' in TXT attribute (bsc#1205873) - staslib: Trim whitespaces at the source (bsc#1204975) - stafd: Add 'origin' parameter to DC controller objects ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:19-1 Released: Tue Jan 3 20:16:50 2023 Summary: Security update for rmt-server Type: security Severity: important References: 1204285,1204769,1205089,CVE-2022-31254 This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:27-1 Released: Thu Jan 5 09:53:58 2023 Summary: Recommended update for yast2-hana-update Type: recommended Severity: moderate References: 1185229 This update for yast2-hana-update fixes the following issues: - Fix wrong information in YaST2 module yast2-hana-update Step 4 of 7 (bsc#1185229) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:28-1 Released: Thu Jan 5 09:54:44 2023 Summary: Recommended update for SAPHanaSR Type: recommended Severity: moderate References: 1192963,1203973 This update for SAPHanaSR fixes the following issues: - Add improvements from SAP to the RA scripts regarding the handling of the SAP tools 'HDB version', 'HDBSettings.sh' and 'pycd' and the SAPHana log filter handling (jsc#PED-1738, jsc#PED-1739) - Fix for SAPHanaSR-monitor reporting 'LPA status of one node is missing' (bsc#1192963, bsc#1203973) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:30-1 Released: Thu Jan 5 13:33:15 2023 Summary: Security update for tcl Type: security Severity: important References: 1195773 This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:32-1 Released: Thu Jan 5 14:04:25 2023 Summary: Security update for rpmlint-mini Type: security Severity: low References: 1206414 This update for rpmlint-mini fixes the following issues: Update polkit-default-privs to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:33-1 Released: Thu Jan 5 15:09:46 2023 Summary: Security update for xrdp Type: security Severity: important References: 1206300,1206302,1206303,1206306,1206307,1206310,1206311,1206312,1206313,CVE-2022-23468,CVE-2022-23478,CVE-2022-23479,CVE-2022-23480,CVE-2022-23481,CVE-2022-23482,CVE-2022-23483,CVE-2022-23484,CVE-2022-23493 This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). - CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:39-1 Released: Mon Jan 9 09:16:21 2023 Summary: Recommended update for skelcd-control-leanos, yast2-security Type: recommended Severity: moderate References: This update for yast2-security fixes the following issues: yast2-security was updated to 4.4.18: - AutoYaST: export security policy settings (related to DISA STIG enablement / jsc#SLE-24764). skelcd-control-leanos: - is delivered to the INSTALLER channel to enable the DISA STIG feature. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:41-1 Released: Mon Jan 9 10:23:07 2023 Summary: Recommended update for kdump Type: recommended Severity: important References: 1144337,1191410,1204000,1204743 This update for kdump fixes the following issues: - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) - Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - Rebuild initrd image after migration on ppc64 architecture (bsc#1191410) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:42-1 Released: Mon Jan 9 10:28:23 2023 Summary: Recommended update for YaST Type: recommended Severity: moderate References: 1193009,1202007,1204399,1204530,1204845,1204907 This update for YaST fixes the following issues: yast2-cluster: - Set crypto_hash as 'sha1' and set crypto_cipher as 'aes256' (bsc#1204530) - Set transport as 'udpu' when detect in cloud - Set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured - Set focus on 'Generate Auth Key File' when secauth is true - Implement ValidateSecurity method - Set focus on 'memberaddr add' when using udpu yast2-country: - Ensure the correct language translations are always used (bsc#1204845, bsc#1193009) yast2-online-update: - Fix to prevent the unconditional refresh of all repositories when it's not needed (bsc#1204907) yast2-packager: - Do not add an empty repository to the system when upgrading a registered system using the Full installation medium (bsc#1204399) yast2-pkg-bindings: - Allow querying orphaned packages (bsc#1202007) yast2-update: - Display a warning in the upgrade summary when removing orphaned 3rd party packages (bsc#1202007) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:47-1 Released: Mon Jan 9 10:37:28 2023 Summary: Recommended update for cepces Type: recommended Severity: moderate References: 1204788 This update for cepces fixes the following issues: - Make the openssl security level configurable (bsc#1204788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:49-1 Released: Mon Jan 9 10:40:08 2023 Summary: Recommended update for llvm9 Type: recommended Severity: moderate References: 1189602,1197776 This update for llvm9 fixes the following issues: - Keep DFLTCC environment during testing so we can disable the compression facility on s390x which causes testsuite issues (bsc#1189602) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package (bsc#1197776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:51-1 Released: Mon Jan 9 10:42:58 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1195391,1200107,1203092,1204423 This update for suse-module-tools fixes the following issues: - 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423) - driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092) - driver-check.sh: Avoid false positive error messages (bsc#1200107) - kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:52-1 Released: Mon Jan 9 10:43:57 2023 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1205266,1205272,1205284,1205377 This update for xfsprogs fixes the following issues: - mkfs: don't trample the gid set in the protofile (bsc#1205266) - mkfs: prevent corruption of passed-in suboption string values (bsc#1205377) - mkfs: terminate getsubopt arrays properly (bsc#1205284) - xfs_repair: ignore empty xattr leaf blocks (bsc#1205272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:54-1 Released: Mon Jan 9 10:49:19 2023 Summary: Recommended update for bash-completion Type: recommended Severity: moderate References: 1200791 This update for bash-completion fixes the following issues: - Fix curl help completion (bsc#1200791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:55-1 Released: Mon Jan 9 10:49:56 2023 Summary: Recommended update for php8 Type: recommended Severity: moderate References: 1205782 This update for php8 fixes the following issues: - Don't expect the user to always have the php8 module loaded in Apache (bsc#1205782) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:59-1 Released: Tue Jan 10 10:05:29 2023 Summary: Recommended update for gnome-music Type: recommended Severity: important References: 1206751 This update for gnome-music fixes the following issues: - Fixed a problem during application start (bsc#1206751). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:65-1 Released: Wed Jan 11 11:43:20 2023 Summary: Security update for w3m Type: security Severity: moderate References: 1202684,CVE-2022-38223 This update for w3m fixes the following issues: - CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:69-1 Released: Wed Jan 11 11:44:36 2023 Summary: Security update for SDL2 Type: security Severity: moderate References: 1206727,CVE-2022-4743 This update for SDL2 fixes the following issues: - CVE-2022-4743: Fixed a potential memory leak when creating a texture for an OpenGL ES image (bsc#1206727). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:73-1 Released: Wed Jan 11 18:42:53 2023 Summary: Security update for php7 Type: security Severity: important References: 1206958,CVE-2022-31631 This update for php7 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:74-1 Released: Wed Jan 11 18:43:26 2023 Summary: Security update for php8 Type: security Severity: important References: 1206958,CVE-2022-31631 This update for php8 fixes the following issues: - Updated to version 8.0.27: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). Non-security fixes: - Fixed a NULL pointer dereference with -w/-s options. - Fixed a crash in Generator when interrupted during argument evaluation with extra named params. - Fixed a crash in Generator when memory limit was exceeded during initialization. - Fixed a memory leak in Generator when interrupted during argument evaluation. - Fixed an issue in the DateTimeZone constructor where an extra null byte could be added to the input. - Fixed a hang in SaltStack when using php-fpm 8.1.11. - Fixed mysqli_query warnings being shown despite using silenced error mode. - Fixed a NULL pointer dereference when serializing a SOAP response call. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:75-1 Released: Thu Jan 12 09:03:11 2023 Summary: Security update for net-snmp Type: security Severity: moderate References: 1205148,1205150,1206044,1206828,CVE-2022-44792,CVE-2022-44793 This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148). - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150). Other fixes: - Enabled AES-192 and AES-256 privacy protocols (bsc#1206828). - Fixed an incorrect systemd hardening that caused home directory size and allocation to be listed incorrectly (bsc#1206044) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:79-1 Released: Thu Jan 12 09:05:47 2023 Summary: Security update for python-future Type: security Severity: moderate References: 1206673,CVE-2022-40899 This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:82-1 Released: Thu Jan 12 11:07:16 2023 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: 1203602 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - require sudo, as remediations touch sudo config or use sudo. (bsc#1203602) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:87-1 Released: Fri Jan 13 20:08:25 2023 Summary: Recommended update for python-cairo Type: recommended Severity: moderate References: 1206716 This update for python-cairo ships the missing python3-cairo to openSUSE Leap Micro 5.3. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:88-1 Released: Mon Jan 16 10:30:50 2023 Summary: Security update for python-wheel Type: security Severity: moderate References: 1206670,CVE-2022-40898 This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:91-1 Released: Mon Jan 16 11:14:14 2023 Summary: Security update for python310-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python310-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:95-1 Released: Tue Jan 17 12:58:53 2023 Summary: Security update for libzypp-plugin-appdata Type: security Severity: important References: 1206836,CVE-2023-22643 This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:103-1 Released: Thu Jan 19 13:22:52 2023 Summary: Security update for postgresql-jdbc Type: security Severity: moderate References: 1206921,CVE-2022-41946 This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:107-1 Released: Thu Jan 19 15:03:23 2023 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1201627 This update for openssl-1_0_0 fixes the following issues: - Update further expiring certificates that affect tests [bsc#1201627] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:110-1 Released: Fri Jan 20 10:18:16 2023 Summary: Security update for git Type: security Severity: important References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:113-1 Released: Fri Jan 20 10:21:40 2023 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1207119,CVE-2022-46871,CVE-2022-46877,CVE-2023-23598,CVE-2023-23601,CVE-2023-23602,CVE-2023-23603,CVE-2023-23605 This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:114-1 Released: Fri Jan 20 10:22:57 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:119-1 Released: Fri Jan 20 10:28:07 2023 Summary: Security update for mozilla-nss Type: security Severity: important References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:127-1 Released: Tue Jan 24 13:23:00 2023 Summary: Security update for rubygem-websocket-extensions Type: security Severity: moderate References: 1172445,CVE-2020-7663 This update for rubygem-websocket-extensions fixes the following issues: - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc#1172445). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:132-1 Released: Tue Jan 24 15:37:46 2023 Summary: Security update for rust1.66 Type: security Severity: important References: 1206930,CVE-2022-46176 This update for rust1.66 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH(bsc#1206930). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:133-1 Released: Tue Jan 24 15:38:38 2023 Summary: Security update for rust1.65 Type: security Severity: important References: 1206930,CVE-2022-46176 This update for rust1.65 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:142-1 Released: Thu Jan 26 06:40:15 2023 Summary: Feature update for bind Type: feature Severity: moderate References: This update for bind fixes the following issues: Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600) - New Features: * Support for parsing and validating the dohpath service parameter in SVCB records was added. * named now logs the supported cryptographic algorithms during startup and in the output of named -V - Bug Fixes: * A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. * In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. * rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. * Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. * The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. * Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. * When a DNS resource records TTL value was equal to the resolver configured prefetch eligibility value, the record was erroneously not treated as eligible for prefetching. * Changing just the TSIG key names for primaries in catalog zones member zones was not effective. This has been fixed. - Known Issues: * Upgrading from BIND 9.16.32 or any older version may require a manual configuration change. The following configurations are affected: + type primary zones configured with dnssec-policy but without either allow-update or update-policy + type secondary zones configured with dnssec-policy In these cases please add inline-signing yes; to the individual zone configuration(s). Without applying this change, named will fail to start. For more details, see https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:143-1 Released: Thu Jan 26 06:41:22 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: 1201689 This update for bind fixes the following issues: - Add systemd drop-in directory for named service (bsc#1201689) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:144-1 Released: Thu Jan 26 06:43:05 2023 Summary: Recommended update for freerdp Type: recommended Severity: moderate References: 1205446 This update for freerdp fixes the following issues: - Drop -DBUILTIN_CHANNELS=OFF option to fix missing symbols issue for builtin channels (bsc#1205446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:146-1 Released: Thu Jan 26 09:17:51 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: bonding: update miimon default to 100 (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - Documentation/features-refresh.sh: Only sed the beginning 'arch' of ARCH_DIR (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - restore m_can_lec_type (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:149-1 Released: Thu Jan 26 10:18:30 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1187428,1188605,1190969,1191259,1193629,1199294,1201068,1203219,1203740,1203829,1204614,1204652,1204760,1204911,1204989,1205257,1205263,1205485,1205496,1205601,1205695,1206073,1206098,1206101,1206188,1206209,1206273,1206344,1206389,1206390,1206391,1206393,1206394,1206395,1206396,1206397,1206398,1206399,1206456,1206468,1206515,1206536,1206554,1206602,1206619,1206664,1206703,1206794,1206896,1206912,1207016,CVE-2022-3104,CVE-2022-3105,CVE-2022-3106,CVE-2022-3107,CVE-2022-3108,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3114,CVE-2022-3115,CVE-2022-3344,CVE-2022-3564,CVE-2022-4379,CVE-2022-4662,CVE-2022-47520 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:151-1 Released: Thu Jan 26 11:10:25 2023 Summary: Security update for xrdp Type: security Severity: important References: 1206301,CVE-2022-23477 This update for xrdp fixes the following issues: - CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client (bsc#1206301). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:153-1 Released: Thu Jan 26 13:14:15 2023 Summary: Security update for haproxy Type: security Severity: important References: 1207181,CVE-2023-0056 This update for haproxy fixes the following issues: - CVE-2023-0056: Fixed a server crash that could be triggered via a malformed HTTP/2 frame (bsc#1207181). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:158-1 Released: Thu Jan 26 16:05:10 2023 Summary: Recommended update for mlocate Type: recommended Severity: moderate References: This update for mlocate fixes the following issues: - Pass '--shell=/bin/sh' to 'su' when running the 'updatedb' command so that we don't depend on the '${RUN_UPDATEDB_AS}' user's login shell. Since that user is 'nobody' by default, the login shell will oftentimes be '/bin/false'. - require apparmor-abstractions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:159-1 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:160-1 Released: Thu Jan 26 18:22:30 2023 Summary: Security update for samba Type: security Severity: important References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,1205385,1205386,1206504,1206546,CVE-2021-20251,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-37966,CVE-2022-37967,CVE-2022-38023,CVE-2022-42898 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to weak a cryptographic algorithm being selected (bsc#1205386). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - Updated to version 4.15.12: - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). - Updated to version 4.15.11: - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - Updated to version 4.15.10: - Fixed a potential crash due to a concurrency issue (bsc#1200102). - Updated to version 4.15.9: - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496). - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492). - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493). Other fixes: - Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:167-1 Released: Thu Jan 26 18:28:32 2023 Summary: Security update for bluez Type: security Severity: moderate References: 1204426,CVE-2022-3563 This update for bluez fixes the following issues: - CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool (bsc#1204426). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:169-1 Released: Thu Jan 26 18:29:53 2023 Summary: Security update for xen Type: security Severity: important References: 1027519,1205209,CVE-2022-23824 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Non-security fixes: - Updated to version 4.16.3 (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:171-1 Released: Thu Jan 26 18:31:58 2023 Summary: Security update for libXpm Type: security Severity: important References: 1207029,1207030,1207031,CVE-2022-44617,CVE-2022-46285,CVE-2022-4883 This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). - CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:172-1 Released: Thu Jan 26 18:33:30 2023 Summary: Security update for ffmpeg-4 Type: security Severity: moderate References: 1206778,CVE-2022-3341 This update for ffmpeg-4 fixes the following issues: - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:182-1 Released: Fri Jan 27 09:30:20 2023 Summary: Recommended update for corosync Type: recommended Severity: important References: This update for corosync fixes the following issues: Version update from 2.4.5 to 2.4.6: - Code cleanups of unused variables and trailing spaces - Man pages improvements and fixes - Provide more informative messages for token and consensus timeouts - Various fixes for tests and checks - Various improvements for error handling and logging - For the detailed list of changes please consult the changelog at: https://github.com/corosync/corosync/releases/tag/v2.4.6 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:187-1 Released: Fri Jan 27 11:26:55 2023 Summary: Security update for podman Type: security Severity: important References: 1181640,1181961,1193166,1193273,1197672,1199790,1202809,CVE-2021-20199,CVE-2021-20206,CVE-2021-4024,CVE-2021-41190,CVE-2022-27649,CVE-2022-2989 This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. - The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ### Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. - The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod. - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. - The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format. * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:190-1 Released: Fri Jan 27 12:13:51 2023 Summary: Recommended update for llvm11 Type: recommended Severity: important References: 1197773 This update for llvm11 fixes the following issues: - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of the actual package (bsc#1197773) - Propagate the complete host environment to the tests run. This ensures that all envvars needed e.g. for the compiler to work correctly are present. This run libc++ tests successfully getting the en LD_LIBRARY_PATH, otherwise, library were not found. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:195-1 Released: Fri Jan 27 12:23:02 2023 Summary: Feature update for SAPHanaSR-ScaleOut Type: feature Severity: moderate References: 1192963,1197239,1198127,1198780,1198897,1200969,1203973 This update for SAPHanaSR-ScaleOut fixes the following issues: Version update from 0.181.0 to 0.184.1 (jsc#PED-1253): - Add new HA/DR provider hook susChkSrv supporting a fast-dying indexserver (jsc#PED-1253, jsc#PED-1241, jsc#PED-1240) - Add new HA/DR provider hook susTkOver for blocking manual takeovers (jsc#SLE-16347, jsc#SLE-11220, jsc#PED-1253) - Add improvements from SAP to the RA scripts regarding the handling of the SAP tools 'HDB version', 'HDBSettings.sh' and 'pycd' and the SAPHana log filter handling (jsc#PED-1739, jsc#PED-1738) - Add lost-nameserver-slave handling to SAPHanaTopology, to avoid toggeling SAPHanaController resource, if all nameserver-masters got lost. The SAP HANA instance will only be started, if enough nodes are available to fulfill the needs of the SAP HANA landscape. - Add new tool SAPHanaSR-manageProvider to show, add and delete HA/DR provider sections in the global.ini of SAP HANA. - Changes to the demote_clone function of the resource agent: * if the role is '*:shtdown:shtdown:shtdown' (topology agent run into timeouts) the function fails with rc=1, to get the managed resource stopped - Changes to the stop_clone function of the topology agent: * call landscapeHostConfiguration.py and set the roles as they were reported. If the command timed out, set the role to '*:shtdown:shtdown:shtdown' and return 1 to get the node fenced. The used timeout for the landscapeHostConfiguration.py call can be configured by the cluster action timeout, if needed. It will be 50% of the action timeout or the minimum of 300s. (bsc#1198127) - Change SAPHanaSR-manageAttr to support the different behaviour of 'crmadmin -qD' in different pacemaker versions (bsc#1200969) - Correct the order constraint in man page ocf_suse_SAPHanaTopology.7 (bsc#1197239) - Fix HANA_CALL function to support MCOS environments again (bsc#1198780) - Fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897) - Fix SAPHanaSR-monitor reporting 'LPA status of one node is missing' (bsc#1192963, bsc#1203973) - Fix SAPHanaSRTools.pm to show terminate node attribute too ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:196-1 Released: Fri Jan 27 12:26:06 2023 Summary: Recommended update for release-notes-sles-for-sap Type: recommended Severity: moderate References: 1204008,933411 This update for release-notes-sles-for-sap fixes the following issues: Version update from 15.4.20220930 to 15.4.20221130 (bsc#933411): - Added note about susChkSrv.py (bsc#1204008) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:197-1 Released: Fri Jan 27 12:27:17 2023 Summary: Recommended update for release-notes-sles Type: recommended Severity: moderate References: 1205484,933411 This update for release-notes-sles fixes the following issues: Version update from 15.4.20220930 to 15.4.20221130 (bsc#933411): - Added note about Minimal-VM with cloud-init (jsc#SLE-7254) - Added link to PHP7 deprecation note (bsc#1205484) - Added note about SUSEConnect license handling (jsc#CSD-100) - Added note about debuginfod packages (jsc#SLE-17951) - Added note about p11-kit-server (jsc#SLE-18495) - Added note about Windows Terminal shortcuts in WSL (jsc#SLE-20406) - Added note about fail2ban (jsc#SLE-11611) - Added note about cryptsetup 2.4.3 (jsc#SLE-20275) - Added note about SLE 11 migration being unsupported (jsc#SLE-20518) - Added note about DFS share failover (jsc#SLE-20043) - Added note about prometheus 2.32.1 (jsc#SLE-23458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:206-1 Released: Mon Jan 30 11:17:59 2023 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1140754,1206778,CVE-2019-13390,CVE-2022-3341 This update for ffmpeg fixes the following issues: - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). - CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:212-1 Released: Mon Jan 30 17:26:44 2023 Summary: Security update for nginx Type: security Severity: important References: 1204526,1204527,CVE-2022-41741,CVE-2022-41742 This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:215-1 Released: Mon Jan 30 17:27:24 2023 Summary: Security update for apache2-mod_auth_openidc Type: security Severity: moderate References: 1190223,1199868,1206441,CVE-2021-39191,CVE-2022-23527 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter (bsc#1190223). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:218-1 Released: Wed Feb 1 06:12:06 2023 Summary: Recommended update for SAPHanaSR Type: recommended Severity: critical References: 1205535,1207466 This update for SAPHanaSR fixes the following issues: - Fix for SAPHanaTopology failing with error code 1 (OCF_ERR_GENERIC) during a normal stop action (bsc#1207466) - Set srhook attribute to PRIM during a probe so that there is no need to wait for the first srConnectionChanged() to set the attribute (bsc#1205535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:221-1 Released: Wed Feb 1 09:34:32 2023 Summary: Security update for xterm Type: security Severity: important References: 1205305,CVE-2022-45063 This update for xterm fixes the following issues: - CVE-2022-45063: Fixed an arbitrary code execution issue under configurations using vi and zsh (bsc#1205305). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:225-1 Released: Wed Feb 1 09:37:51 2023 Summary: Security update for ctags Type: security Severity: important References: 1206543,CVE-2022-4515 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:269-1 Released: Mon Feb 6 15:04:59 2023 Summary: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Type: security Severity: important References: 1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:270-1 Released: Mon Feb 6 15:05:09 2023 Summary: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4) Type: security Severity: important References: 1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:272-1 Released: Mon Feb 6 15:34:08 2023 Summary: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Type: security Severity: important References: 1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:273-1 Released: Mon Feb 6 15:34:17 2023 Summary: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4) Type: security Severity: important References: 1206373,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_24_38 fixes one issue. The following security issue was fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:275-1 Released: Mon Feb 6 17:18:38 2023 Summary: Security update for rubygem-activesupport-5_1 Type: security Severity: moderate References: 1207454,CVE-2023-22796 This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:276-1 Released: Mon Feb 6 17:19:34 2023 Summary: Security update for rubygem-rack Type: security Severity: moderate References: 1207596,1207597,1207599,CVE-2022-44570,CVE-2022-44571,CVE-2022-44572 This update for rubygem-rack fixes the following issues: - CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597). - CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599). - CVE-2022-44572: Fixed a potential denial of service when parsing a Content-Disposition header (bsc#1207596). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:277-1 Released: Tue Feb 7 07:34:23 2023 Summary: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Type: security Severity: important References: 1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:280-1 Released: Tue Feb 7 08:05:25 2023 Summary: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Type: security Severity: important References: 1205186,1206373,CVE-2022-2602,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:285-1 Released: Tue Feb 7 09:31:42 2023 Summary: Security update for xorg-x11-server Type: security Severity: important References: 1207783,CVE-2023-0494 This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:288-1 Released: Tue Feb 7 09:33:45 2023 Summary: Security update for xorg-x11-server Type: security Severity: important References: 1207783,CVE-2023-0494 This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:289-1 Released: Tue Feb 7 09:34:49 2023 Summary: Security update for xwayland Type: security Severity: important References: 1207783,CVE-2023-0494 This update for xwayland fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:290-1 Released: Tue Feb 7 09:57:17 2023 Summary: Recommended update for rust, rust1.67 Type: recommended Severity: moderate References: This update for rust, rust1.67 fixes the following issues: Rust is shipped in version 1.67.0. Changes in rust1.67: Version 1.67.0 (2023-01-26) ========================== Language -------- - Make `Sized` predicates coinductive, allowing cycles. - #[must_use]` annotations on `async fn` also affect the `Future::Output`. - Elaborate supertrait obligations when deducing closure signatures. - Invalid literals are no longer an error under `cfg(FALSE)`. - Unreserve braced enum variants in value namespace. Compiler -------- - Enable varargs support for calling conventions other than `C` or `cdecl`. - Add new MIR constant propagation based on dataflow analysis. - Optimize field ordering by grouping m\*2^n-sized fields with equivalently aligned ones. - Stabilize native library modifier `verbatim`. Added and removed targets: - Remove tier 3 `linuxkernel` targets Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Merge `crossbeam-channel` into `std::sync::mpsc`. - Fix inconsistent rounding of 0.5 when formatted to 0 decimal places. - Derive `Eq` and `Hash` for `ControlFlow`. - Don't build `compiler_builtins` with `-C panic=abort`. Stabilized APIs --------------- - {integer}::checked_ilog - {integer}::checked_ilog2 - {integer}::checked_ilog10 - {integer}::ilog - {integer}::ilog2 - {integer}::ilog10 - NonZeroU*::ilog2 - NonZeroU*::ilog10 - NonZero*::BITS These APIs are now stable in const contexts: - char::from_u32 - char::from_digit - char::to_digit - core::char::from_u32 - core::char::from_digit Compatibility Notes ------------------- - The layout of `repr(Rust)` types now groups m\*2^n-sized fields with equivalently aligned ones. This is intended to be an optimization, but it is also known to increase type sizes in a few cases for the placement of enum tags. As a reminder, the layout of `repr(Rust)` types is an implementation detail, subject to change. - 0.5 now rounds to 0 when formatted to 0 decimal places. This makes it consistent with the rest of floating point formatting that rounds ties toward even digits. - Chains of `&&` and `||` will now drop temporaries from their sub-expressions in evaluation order, left-to-right. Previously, it was 'twisted' such that the _first_ expression dropped its temporaries _last_, after all of the other expressions dropped in order. - Underscore suffixes on string literals are now a hard error. This has been a future-compatibility warning since 1.20.0. - Stop passing `-export-dynamic` to `wasm-ld`. - main` is now mangled as `__main_void` on `wasm32-wasi`. - Cargo now emits an error if there are multiple registries in the configuration with the same index URL. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:295-1 Released: Tue Feb 7 10:39:39 2023 Summary: Security update for redis Type: security Severity: important References: 1207202,1207203,1207448,CVE-2022-35977,CVE-2023-22458 This update for redis fixes the following issues: - CVE-2022-35977: Fixed an integer overflow that could allow authenticated users to cause a crash (bsc#1207202). - CVE-2023-22458: Fixed a missing check that could allow authenticated users to cause a crash (bsc#1207203). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:297-1 Released: Tue Feb 7 13:17:47 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1205916 This update for java-17-openjdk fixes the following issues: - Modified patches: Revert fips patch to a version used with 17.0.4.0 (bsc#1205916) Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context. - Fix jconsole.desktop icon ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:302-1 Released: Tue Feb 7 16:12:57 2023 Summary: Recommended update for libpulp Type: recommended Severity: moderate References: This update for libpulp fixes the following issues: Update package with libpulp-0.2.7: * Add support to library to JSON library dumps, Removing any requirement of adding the original library .so file into the livepatch build tarball. * Update the ulp post hook script for transactional systems (jsc#PED-1078). * Add `setup_package.sh` as part of libpulp tools. Update package with libpulp-0.2.6 * Add new `-R` option to specify a prefix root for livepatches (jsc#PED-1078). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:303-1 Released: Tue Feb 7 16:18:06 2023 Summary: Recommended update for sane-backends Type: recommended Severity: moderate References: This update of sane-backends fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:305-1 Released: Tue Feb 7 17:31:51 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:312-1 Released: Tue Feb 7 17:54:46 2023 Summary: Security update for openssl-3 Type: security Severity: important References: 1195149,1206222,1207533,1207534,1207535,1207536,1207538,1207539,1207540,1207541,CVE-2022-4203,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0216,CVE-2023-0217,CVE-2023-0286,CVE-2023-0401 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification (bsc#1207541). - CVE-2023-0217: Fixed NULL pointer dereference validating DSA public key (bsc#1207540). - CVE-2023-0216: Fixed invalid pointer dereference in d2i_PKCS7 functions (bsc#1207539). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - CVE-2022-4203: Fixed read Buffer Overflow with X.509 Name Constraints (bsc#1207535). Non-security fixes: - Fix SHA, SHAKE, KECCAK ASM and EC ASM flag passing (bsc#1206222). - Enable zlib compression support (bsc#1195149). - Add crypto-policies dependency. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:314-1 Released: Wed Feb 8 12:51:27 2023 Summary: Security update for apache2-mod_security2 Type: security Severity: important References: 1207378,CVE-2022-48279 This update for apache2-mod_security2 fixes the following issues: - CVE-2022-48279: Fixed a potential firewall bypass due to an incorrect parsing of HTTP multipart requests (bsc#1207378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:322-1 Released: Wed Feb 8 16:19:37 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436 This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:328-1 Released: Thu Feb 9 09:09:22 2023 Summary: Security update for rubygem-globalid Type: security Severity: moderate References: 1207587,CVE-2023-22799 This update for rubygem-globalid fixes the following issues: - CVE-2023-22799: Fixed ReDoS vulnerability (bsc#1207587). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:329-1 Released: Thu Feb 9 10:20:18 2023 Summary: Security update for MozillaThunderbird Type: security Severity: important References: 1207119,CVE-2022-46871,CVE-2022-46877,CVE-2023-0430,CVE-2023-23598,CVE-2023-23599,CVE-2023-23601,CVE-2023-23602,CVE-2023-23603,CVE-2023-23605 This update for MozillaThunderbird fixes the following issues: Updated to version 102.7.1 (bsc#1207119): * CVE-2022-46871: Fixed out of date libusrsctp. * CVE-2023-23598: Fixed arbitrary file read from GTK drag and drop on Linux. * CVE-2023-23599: Fixed issue where malicious command that could be hidden in devtools output on Windows. * CVE-2023-23601: Fixed issue where URL being dragged from cross-origin iframe into same tab triggers navigation. * CVE-2023-23602: Fixed Content Security Policy not being correctly applied to WebSockets in WebWorkers. * CVE-2022-46877: Fixed fullscreen notification bypass. * CVE-2023-23603: Fixed issue where calls to code tag allowed bypassing Content Security Policy via format directive. * CVE-2023-23605: Fixed memory safety bugs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:330-1 Released: Thu Feb 9 11:41:51 2023 Summary: Recommended update for pesign-obs-integration Type: recommended Severity: important References: 1195805,1205917,1207520 This update for pesign-obs-integration fixes the following issues: - Fix for a filename issue in the scripts of generated ueficert package (bsc#1195805, bsc#1205917) - fixed dependency generators (bsc#1207520)(jsc#PED-2658): - Add support for including macros in pesign-repackage.spec by using pesign-spec-macros - Add support for copying sources to the new build directory by using pesign-copy-sources - Update README for dependency generation, add Dependency Generation section ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:331-1 Released: Thu Feb 9 12:33:54 2023 Summary: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Type: security Severity: important References: 1204167,1205186,1206373,CVE-2022-2602,CVE-2022-3424,CVE-2022-4379 This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: - CVE-2022-4379: A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allowed an attacker to conduct a remote denial of service attack (bsc#1206373). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204167). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1205186). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:333-1 Released: Thu Feb 9 13:49:04 2023 Summary: Recommended update for amazon-ecs-init Type: recommended Severity: moderate References: This update for amazon-ecs-init fixes the following issues: - Add aarch64 binaries to the channels. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:334-1 Released: Thu Feb 9 13:49:43 2023 Summary: Recommended update for google-osconfig-agent Type: recommended Severity: moderate References: This update for google-osconfig-agent fixes the following issues: - Provide the latest version for SLE-15-SP4 too. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:341-1 Released: Fri Feb 10 10:04:35 2023 Summary: Security update for bind Type: security Severity: important References: 1207471,1207473,1207475,CVE-2022-3094,CVE-2022-3736,CVE-2022-3924 This update for bind fixes the following issues: - Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:342-1 Released: Fri Feb 10 10:06:46 2023 Summary: Security update for tiff Type: security Severity: important References: 1207413,CVE-2022-48281 This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:343-1 Released: Fri Feb 10 12:29:50 2023 Summary: Security update for wireshark Type: security Severity: important References: 1206189,1207447,1207663,1207664,1207665,1207667,1207668,1207669,CVE-2022-4345,CVE-2023-0411,CVE-2023-0412,CVE-2023-0413,CVE-2023-0415,CVE-2023-0416,CVE-2023-0417 This update for wireshark fixes the following issues: - Updated to version 3.6.11 (bsc#1207447): - CVE-2023-0417: Fixed a memory leak in the NFS dissector (bsc#1207669). - CVE-2023-0413: Fixed a crash in the dissection engine (bsc#1207665). - CVE-2023-0416: Fixed a crash in the GNW dissector (bsc#1207668). - CVE-2023-0415: Fixed a crash in the iSCSI dissector (bsc#1207667). - CVE-2023-0411: Fixed several issues where an excessive CPU consumption could be triggered in multiple dissectors (bsc#1207663). - CVE-2023-0412: Fixed a crash in the TIPC dissector (bsc#1207664). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:346-1 Released: Fri Feb 10 15:06:56 2023 Summary: Recommended update for salt Type: recommended Severity: moderate References: 1204939 This update for salt fixes the following issues: - Control the collection of lvm grains via config (bsc#1204939) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:349-1 Released: Fri Feb 10 15:09:03 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1204294 This update for hwinfo fixes the following issues: - Create Xen usb controller device if necessary. (bsc#1204294) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:373-1 Released: Fri Feb 10 15:19:25 2023 Summary: Maintenance update for SUSE Manager 4.3.4 Release Notes Type: security Severity: important References: 1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415 Maintenance update for SUSE Manager 4.3.4 Release Notes: This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:375-1 Released: Fri Feb 10 17:05:34 2023 Summary: Security update for java-1_8_0-ibm Type: security Severity: moderate References: 1204703,1205302,CVE-2022-3676 This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:376-1 Released: Mon Feb 13 03:06:47 2023 Summary: Recommended update for pacemaker Type: recommended Severity: important References: 1206263,1206761 This update for pacemaker fixes the following issues: - Fix issues with SAPHanaController instances in SAPHanaSR ScaleOut cluster (bsc#1206263) - Fix a memory access violation in error handling in crm_resource (bsc#1206761) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:384-1 Released: Mon Feb 13 03:10:52 2023 Summary: Recommended update for irqbalance Type: recommended Severity: important References: 1204962,1206661 This update for irqbalance fixes the following issues: - Fix `--banmod` option not working as expected (bsc#1206661, bsc#1204962) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:386-1 Released: Mon Feb 13 03:12:28 2023 Summary: Recommended update for NetworkManager-applet Type: recommended Severity: important References: This update for NetworkManager-applet fixes the following issues: - Fix build issues related to meson ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:388-1 Released: Mon Feb 13 09:39:56 2023 Summary: Recommended update for crmsh Type: recommended Severity: moderate References: 1201785,1205522,1205615,1205727,1205735 This update for crmsh fixes the following issues: - Add a mechanism for updating cluster configuration after version update (bsc#1201785) - cibconfig: Set 'promotable=true' and 'interlave=true' if resource instances need to be Promoted/Unpromoted with the resource agent (bsc#1205522) - Fix help text for consistency in both `help` subcommand and `--help` argument (bsc#1205735) - Fix passwordless ssh authentication for hacluster automatically when a new node is joining the cluster (bsc#1201785) - Fix sbd not starting up if qdevice configuration is enabled (bsc#1205727) - Show corosync ring status if it has faults (bsc#1205615) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:389-1 Released: Mon Feb 13 09:41:49 2023 Summary: Security update for apr-util Type: security Severity: critical References: 1207866,CVE-2022-25147 This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:394-1 Released: Mon Feb 13 10:10:23 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0179,CVE-2023-0266 The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:399-1 Released: Mon Feb 13 16:17:28 2023 Summary: Security update for freerdp Type: security Severity: moderate References: 1205512,CVE-2022-39316,CVE-2022-39317,CVE-2022-39320,CVE-2022-39347,CVE-2022-41877 This update for freerdp fixes the following issues: - CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512). - CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512). - CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512). - CVE-2022-39347: Fixed missing path sanitation with drive channel (bsc#1205512). - CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:401-1 Released: Tue Feb 14 07:15:50 2023 Summary: Feature update for LibreOffice Type: feature Severity: moderate References: This update for LibreOffice fixes the following issues: libreoffice: - Version update from 7.3.6.2 to 7.4.3.2 (jsc#PED-1785): * For the highlights of changes of version 7.4 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.4 * Updated bundled dependencies: * boost version update from 1_77_0 to 1_79_0 * curl version update from 7.83.1 to 7.86.0 * icu4c-data version update from 70_1 to 71_1 * icu4c version update from 70_1 to 71_1 * pdfium version update from 4699 to 5058 * poppler version update from 21.11.0 to 22.09.0 * poppler-data version update from 0.4.10 to 0.4.11 * skia version from m97-a7230803d64ae9d44f4e128244480111a3ae967 to m103-b301ff025004c9cd82816c86c547588e6c24b466 * New build dependencies: * fixmath-devel * libwebp-devel * zlib-devel * dragonbox-devel * at-spi2-core-devel * libtiff-devel dragonbox: - New package at version 1.1.3 * New dependency for LibreOffice 7.4 fixmath: - New package at version 2022.07.20 * New dependency for LibreOffice 7.4 libmwaw: - Version update from 0.3.20 to 0.3.21 (jsc#PED-1785): * add debug code to read some private rsrc data * allow to read some MacWrite which does not have printer informations * add a parser for Scoop files * add a parser for ScriptWriter files * add a parser for ReadySetGo 1-4 files ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:405-1 Released: Tue Feb 14 11:47:47 2023 Summary: Security update for libbpf Type: security Severity: important References: 1204391,1204502,CVE-2022-3534,CVE-2022-3606 This update for libbpf fixes the following issues: - CVE-2022-3534: Fixed use-after-free in btf_dump_name_dups (bsc#1204391). - CVE-2022-3606: Fixed null pointer dereference in find_prog_by_sec_insn() (bsc#1204502). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:411-1 Released: Tue Feb 14 17:07:00 2023 Summary: Security update for haproxy Type: security Severity: critical References: 1208132,CVE-2023-25725 This update for haproxy fixes the following issues: - CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132). - Fixed an issue where sensitive data might leak to the backend. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:423-1 Released: Wed Feb 15 13:41:56 2023 Summary: Security update for aws-efs-utils Type: security Severity: moderate References: 1191055,1206737,CVE-2022-46174 This update for aws-efs-utils fixes the following issues: - Updated to version 1.34.5: - CVE-2022-46174: Fixed a race condition when mounting filesystems using TLS, which could result in various failures (bsc#1206737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:427-1 Released: Wed Feb 15 17:40:08 2023 Summary: Security update for bind Type: security Severity: important References: 1207471,CVE-2022-3094 This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:428-1 Released: Wed Feb 15 17:40:56 2023 Summary: Security update for ImageMagick Type: security Severity: important References: 1207982,1207983,CVE-2022-44267,CVE-2022-44268 This update for ImageMagick fixes the following issues: - CVE-2022-44267: Fixed a denial of service when parsing a PNG image (bsc#1207982). - CVE-2022-44268: Fixed arbitrary file disclosure when parsing a PNG image (bsc#1207983). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:430-1 Released: Wed Feb 15 17:42:25 2023 Summary: Security update for git Type: security Severity: important References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:431-1 Released: Wed Feb 15 17:43:13 2023 Summary: Security update for apache2-mod_security2 Type: security Severity: important References: 1207379,CVE-2023-24021 This update for apache2-mod_security2 fixes the following issues: - CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:432-1 Released: Wed Feb 15 18:48:25 2023 Summary: Recommended update for graphite2 Type: recommended Severity: moderate References: 1207676 This update for graphite2 fixes the following issue: - Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later (bsc#1207676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:433-1 Released: Thu Feb 16 08:42:45 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1185861,1185863,1186449,1191256,1192868,1193629,1194869,1195175,1195655,1196058,1199701,1204063,1204356,1204662,1205495,1206006,1206036,1206056,1206057,1206258,1206363,1206459,1206616,1206677,1206784,1207010,1207034,1207036,1207050,1207125,1207134,1207149,1207158,1207184,1207186,1207190,1207237,1207263,1207269,1207497,1207500,1207501,1207506,1207507,1207734,1207769,1207795,1207842,1207878,1207933,CVE-2020-24588,CVE-2022-4382,CVE-2022-47929,CVE-2023-0122,CVE-2023-0179,CVE-2023-0266,CVE-2023-0590,CVE-2023-23454,CVE-2023-23455 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes). - Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes). - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes). - Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes). - Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes). - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: don't take exclusive lock for updating target hints (bsc#1193629). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes). - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:434-1 Released: Thu Feb 16 09:08:05 2023 Summary: Security update for mozilla-nss Type: security Severity: important References: 1208138,CVE-2023-0767 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:435-1 Released: Thu Feb 16 11:06:29 2023 Summary: Security update for java-17-openjdk Type: security Severity: moderate References: 1205916,1207246,1207248,CVE-2023-21835,CVE-2023-21843 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.6.0+10: - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Bugfixes: - Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:439-1 Released: Thu Feb 16 13:09:30 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1069169,1186056,1204929,1205175 This update for dracut fixes the following issues: - Exclude USB drivers in strict hostonly mode (bsc#1186056) - Warn if included with no multipath devices and no user conf (bsc#1069169) - Improve detection of installed kernel versions (bsc#1205175) - chown using rpc default group (bsc#1204929) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:444-1 Released: Fri Feb 17 09:44:11 2023 Summary: Security update for rubygem-actionpack-5_1 Type: security Severity: important References: 1207451,1207455,CVE-2023-22792,CVE-2023-22795 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:452-1 Released: Mon Feb 20 11:11:10 2023 Summary: Recommended update for build Type: recommended Severity: moderate References: This update for build fixes the following issues: build was updated to the current version: - CycloneDX SBOM support added - added support for generating VCS url information into rpms - SPDX SBOM generation for container and product builds - Revert & Redo 'Better filetype detection for temp changes files' - Fix typo in glibc hwcaps supplements - Implement lua string macros - configure mkbaselibs to create glibc-hwcaps baselibs as well - Better filetype detection for temp changes files - Add hook to run checks after mkbaselibs run - Delete leftover multilinedefine variable definition - Support multiline macros in the config's macro sections - Support #!BuildConstraint lines - Support #!BuildTarget in spec files to set the build target (as workaround of broken BuildArch in rpm since 2001) - Support a regexp for file renames - Set home to /root when running build time services - INCOMPATIBLE CHANGE: get rid off the power8 cpu limitation (#889) on powerpc - Add handling of non-compressed tar when creating Debian archive for DSC 3.0 - Add automatic build-in-place detection - Support dist/package subdir builds in pbuild - Skip iothreads on QEMU 7.1.0 - Fix permissions of /dev/pts/ptmx - Add license to container package list output - initial SP5 build configurations - vm-type:qemu use virtio on x86_64 - Improve installation of obs-docker-support for multi-stage builds - Tweak ARG handling in dockerfile parser - fixed Undefined subroutine &PBuild::Job::ls issue - Add missing dependencies from vc as Recommends - sync factory build config - build-recipe-livebuild: run as root - vm_kill_kvm: Use SIGKILL after 3 minutes if the kvm process is not going away - Zip: Allow extraction of symlink targets - Convert obsolete egrep/fgrep calls to grep -E/-F - Add RemoteAsset support for Dockerfile based builds - new image format: mkosi - Support stacked container builds - Revert 'build-vm-kvm: enable l3-cache on i386/x86_64 builds' - handling of non-compressed tar when creating Debian archive for DSC 3.0 - kvm: exclude powerpc from io_uring, enable iothreads always (#829) - kvm: enable more performant I/O also for s390(x) (#828) - Changelog patching when building DSC format 3.0. (#831) - support for building from slsa provenance files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:457-1 Released: Mon Feb 20 12:56:48 2023 Summary: Recommended update for scap-security-guide Type: recommended Severity: moderate References: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.66 (jsc#ECO-3319) - Ubuntu 22.04 CIS - OL7 stig v2r9 update - Bump OL8 STIG version to V1R4 - Update RHEL7 STIG to V3R10 - Update RHEL8 STIG to V1R9 - Introduce CIS RHEL9 profiles - also various SUSE profile fixes were done ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:461-1 Released: Mon Feb 20 14:36:11 2023 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1208138,1208144,CVE-2023-0767,CVE-2023-25728,CVE-2023-25729,CVE-2023-25730,CVE-2023-25732,CVE-2023-25734,CVE-2023-25735,CVE-2023-25737,CVE-2023-25738,CVE-2023-25739,CVE-2023-25742,CVE-2023-25743,CVE-2023-25744,CVE-2023-25746 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR (bsc#1208144): - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus. - CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS. - CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey. - CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry. - CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers. - CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. - CVE-2023-25729: Fixed extensions opening external schemes without user knowledge. - CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream. - CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads. - CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey. - CVE-2023-25744: Fixed Memory safety bugs. - CVE-2023-25746: Fixed Memory safety bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:465-1 Released: Mon Feb 20 18:33:58 2023 Summary: Security update for prometheus-ha_cluster_exporter Type: security Severity: important References: 1208046,1208047,CVE-2022-46146 This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:470-1 Released: Tue Feb 21 10:05:53 2023 Summary: Security update for clamav Type: security Severity: critical References: 1208363,1208365,CVE-2023-20032,CVE-2023-20052 This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:472-1 Released: Tue Feb 21 10:19:47 2023 Summary: Feature update for nvptx-tools Type: feature Severity: moderate References: This update for nvptx-tools fixes the following issues: Update nvptx-tools (jsc#SLE-25047): - Add fixes which deal with CUDA 11 dropping support for NVIDIA Kepler sm_30 and sm_32 - Add command line tools `nvptx-none-run` and `nvptx-none-run-single` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:473-1 Released: Tue Feb 21 15:16:31 2023 Summary: Recommended update for libica, openssl-ibmca, openCryptoki Type: recommended Severity: moderate References: 1202365 This update for libica fixes the following issues: libica was upgraded to version 4.2.0 (jsc#PED-581, bsc#1202365). Note that the major library versions was changed from libica.so.3 to libica.so.4. Features: - Display build info via icainfo -v - New API function ica_get_build_version() - Display fips indication via icainfo -f - New API function ica_get_fips_indicator() - New API function ica_aes_gcm_initialize_fips() - New API function ica_aes_gcm_kma_get_iv() - New API function ica_get_msa_level() Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1: - Fix aes-xts multi-part operations v4.1.0 - FIPS: make libica FIPS 140-3 compliant - New API function ica_ecdsa_sign_ex() - New icainfo output option -r Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) v4.0.3 - Reduce the number of open file descriptors - Various bug fixes v4.0.2 - Various bug fixes v4.0.1 - Various bug fixes - Compute HMAC from installed library v4.0.0 - NO_SW_FALLBACKS is now the default for libica.so - Removed deprecated API functions including tests - Introduced 'const' for some API function parameters - icastats: new parm -k to display detailed counters This update also provides rebuilds of openssl-ibmca and openCryptoki against the new libica. openssl-ibmca was updated: - Upgraded to version 2.3.1 (jsc#PED-597) - Adjustments for libica 4.1.0 - First version including the provider - Fix for engine build without OpenSSL 3.0 sources - Fix PKEY segfault with OpenSSL 3.0 - Build against libica 4.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:474-1 Released: Wed Feb 22 09:46:25 2023 Summary: Recommended update for pdsh Type: recommended Severity: moderate References: 1206795 This update for pdsh fixes the following issues: - Backport a number of features and fixes from the git master branch (bsc#1206795): Add '-C' option on Slurm plugin to restrict selected nodes to ones with the specified features present. Add option '-k' to the ssh plugin to fail faster on connection failures. Fix use of strchr. Dshbak: Fix uninitialized use of $tag on empty input. Dsh: Release a lock that is no longer used. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:477-1 Released: Wed Feb 22 14:00:53 2023 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1195437,1195438,1204068,1204091 This update for google-guest-configs fixes the following issues: - Add nvme-cli to Requires (bsc#1204068, bsc#1204091) - Update to version 20220211.00 (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:481-1 Released: Thu Feb 23 07:59:22 2023 Summary: Recommended update for yast2-sap-ha Type: recommended Severity: moderate References: 1202979,1206601 This update for yast2-sap-ha fixes the following issues: - Use ruby base64 to replace uuencode/uudecode. (bsc#1206601) - YaST2 HA Setup for SAP Products - cannot input several instance numbers. (bsc#1202979) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:482-1 Released: Thu Feb 23 10:00:19 2023 Summary: Security update for openssl-1_1-livepatches Type: security Severity: important References: 1207533,CVE-2023-0286 This update for openssl-1_1-livepatches fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName via livepatch (bsc#1207533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:484-1 Released: Thu Feb 23 10:26:47 2023 Summary: Security update for pesign Type: security Severity: important References: 1202933,CVE-2022-3560 This update for pesign fixes the following issues: - CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root (bsc#1202933). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:486-1 Released: Thu Feb 23 10:38:13 2023 Summary: Security update for c-ares Type: security Severity: important References: 1208067,CVE-2022-4904 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:489-1 Released: Thu Feb 23 11:08:51 2023 Summary: Security update for webkit2gtk3 Type: security Severity: important References: 1206750,1207997,1208328,CVE-2022-42826,CVE-2022-42852,CVE-2022-42863,CVE-2022-42867,CVE-2022-46691,CVE-2022-46692,CVE-2022-46698,CVE-2022-46699,CVE-2022-46700,CVE-2023-23517,CVE-2023-23518,CVE-2023-23529 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. Update to version 2.38.4 (boo#1207997): - CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. - CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution. - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. New CVE and bug references where added for already released updates: Update to version 2.38.3 (boo#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.1: - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.0: - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:491-1 Released: Thu Feb 23 11:17:11 2023 Summary: Recommended update for yast2-network Type: recommended Severity: important References: 1206551,1207221 This update for yast2-network fixes the following issues: - Fix the return of packages needed by the selected backend when running an autoinstallation (bsc#1207221) - Report a warning message for issues detected when the NETMASK or PREFIXLEN are invalid and allow the user to stop or to continue with the broken configuration (bsc#1206551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:492-1 Released: Thu Feb 23 11:38:57 2023 Summary: Security update for rubygem-activerecord-5_1 Type: security Severity: moderate References: 1207450,CVE-2022-44566 This update for rubygem-activerecord-5_1 fixes the following issues: - CVE-2022-44566: Fixed possible denial of service vulnerability in ActiveRecord's PostgreSQL adapter (bsc#1207450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:495-1 Released: Thu Feb 23 12:48:29 2023 Summary: Security update for poppler Type: security Severity: important References: 1202692,CVE-2022-38784 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:335-1 Released: Thu Aug 10 16:26:04 2023 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: This update for hyper-v fixes the following issues: - Provide the latest version for SLE-15-SP4. The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.3.1 updated - apparmor-docs-3.0.4-150400.5.3.1 updated - apparmor-parser-lang-3.0.4-150400.5.3.1 updated - apparmor-profiles-3.0.4-150400.5.3.1 updated - apparmor-utils-3.0.4-150400.5.3.1 updated - apparmor-utils-lang-3.0.4-150400.5.3.1 updated - autoyast2-4.4.43-150400.3.16.1 updated - autoyast2-installation-4.4.43-150400.3.16.1 updated - bash-completion-2.7-150400.13.3.1 updated - bash-completion-devel-2.7-150400.13.3.1 updated - bash-completion-doc-2.7-150400.13.3.1 updated - bcel-5.2-150200.11.3.1 updated - ca-certificates-mozilla-2.60-150200.27.1 updated - cepces-0.3.4-150400.3.6.1 updated - cepces-certmonger-0.3.4-150400.3.6.1 updated - emacs-el-27.2-150400.3.3.1 updated - emacs-info-27.2-150400.3.3.1 updated - gio-branding-SLE-15-150400.27.2.1 updated - glib2-lang-2.70.5-150400.3.3.1 updated - grub2-i386-pc-2.06-150400.11.17.1 updated - grub2-snapper-plugin-2.06-150400.11.17.1 updated - grub2-systemd-sleep-plugin-2.06-150400.11.17.1 updated - grub2-x86_64-efi-2.06-150400.11.17.1 updated - gstreamer-plugins-good-lang-1.20.1-150400.3.3.1 updated - hwdata-0.365-150000.3.54.1 updated - jackson-databind-2.13.4.2-150200.3.12.1 updated - kernel-devel-5.14.21-150400.24.46.1 updated - kernel-firmware-all-20220509-150400.4.13.1 updated - kernel-firmware-amdgpu-20220509-150400.4.13.1 updated - kernel-firmware-ath10k-20220509-150400.4.13.1 updated - kernel-firmware-ath11k-20220509-150400.4.13.1 updated - kernel-firmware-atheros-20220509-150400.4.13.1 updated - kernel-firmware-bluetooth-20220509-150400.4.13.1 updated - kernel-firmware-bnx2-20220509-150400.4.13.1 updated - kernel-firmware-brcm-20220509-150400.4.13.1 updated - kernel-firmware-chelsio-20220509-150400.4.13.1 updated - kernel-firmware-dpaa2-20220509-150400.4.13.1 updated - kernel-firmware-i915-20220509-150400.4.13.1 updated - kernel-firmware-intel-20220509-150400.4.13.1 updated - kernel-firmware-iwlwifi-20220509-150400.4.13.1 updated - kernel-firmware-liquidio-20220509-150400.4.13.1 updated - kernel-firmware-marvell-20220509-150400.4.13.1 updated - kernel-firmware-media-20220509-150400.4.13.1 updated - kernel-firmware-mediatek-20220509-150400.4.13.1 updated - kernel-firmware-mellanox-20220509-150400.4.13.1 updated - kernel-firmware-mwifiex-20220509-150400.4.13.1 updated - kernel-firmware-network-20220509-150400.4.13.1 updated - kernel-firmware-nfp-20220509-150400.4.13.1 updated - kernel-firmware-nvidia-20220509-150400.4.13.1 updated - kernel-firmware-platform-20220509-150400.4.13.1 updated - kernel-firmware-prestera-20220509-150400.4.13.1 updated - kernel-firmware-qcom-20220509-150400.4.13.1 updated - kernel-firmware-qlogic-20220509-150400.4.13.1 updated - kernel-firmware-radeon-20220509-150400.4.13.1 updated - kernel-firmware-realtek-20220509-150400.4.13.1 updated - kernel-firmware-serial-20220509-150400.4.13.1 updated - kernel-firmware-sound-20220509-150400.4.13.1 updated - kernel-firmware-ti-20220509-150400.4.13.1 updated - kernel-firmware-ueagle-20220509-150400.4.13.1 updated - kernel-firmware-usb-network-20220509-150400.4.13.1 updated - kernel-macros-5.14.21-150400.24.46.1 updated - keylime-agent-6.3.2-150400.4.14.1 updated - keylime-config-6.3.2-150400.4.14.1 updated - keylime-firewalld-6.3.2-150400.4.14.1 updated - keylime-logrotate-6.3.2-150400.4.14.1 updated - keylime-registrar-6.3.2-150400.4.14.1 updated - keylime-tpm_cert_store-6.3.2-150400.4.14.1 updated - keylime-verifier-6.3.2-150400.4.14.1 updated - libX11-data-1.6.5-150000.3.24.1 updated - libsecret-lang-0.20.5-150400.4.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - mlocate-lang-0.26-150400.16.3.1 updated - novnc-1.2.0-150100.3.6.1 updated - pam-doc-1.3.0-150000.6.61.1 updated - plymouth-dracut-0.9.5~git20210406.e554475-150400.3.8.1 updated - plymouth-lang-0.9.5~git20210406.e554475-150400.3.8.1 updated - plymouth-scripts-0.9.5~git20210406.e554475-150400.3.8.1 updated - polkit-default-privs-13.2+20221216.a0c29e6-150400.3.3.1 updated - postgresql-15-150400.4.6.2 updated - publicsuffix-20220903-150000.3.12.1 updated - python3-Mako-1.0.7-150000.3.3.1 updated - python3-apipkg-1.4-150000.3.4.1 updated - python3-bind-9.16.37-150400.5.17.1 updated - python3-cepces-0.3.4-150400.3.6.1 updated - python3-certifi-2018.1.18-150000.3.3.1 updated - python3-future-0.18.2-150300.3.3.1 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - python3-keylime-6.3.2-150400.4.14.1 updated - python3-paramiko-2.4.3-150100.6.18.1 updated - python3-py-1.10.0-150100.5.12.1 updated - python3-rsa-3.4.2-150000.3.7.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - python3-setuptools-test-44.1.1-150400.3.3.1 updated - python3-setuptools-wheel-44.1.1-150400.3.3.1 updated - python3-sphinx_rtd_theme-0.5.1-150000.3.5.1 updated - python3-webencodings-0.5.1-150000.3.3.1 updated - python3-wheel-0.32.3-150100.6.5.1 updated - salt-bash-completion-3004-150400.8.20.1 updated - salt-zsh-completion-3004-150400.8.20.1 updated - scap-security-guide-0.1.66-150000.1.56.1 updated - scap-security-guide-debian-0.1.66-150000.1.56.1 updated - scap-security-guide-redhat-0.1.66-150000.1.56.1 updated - scap-security-guide-ubuntu-0.1.66-150000.1.56.1 updated - strongswan-doc-5.8.2-150400.19.3.3 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - systemd-lang-249.15-150400.8.22.1 updated - tar-lang-1.34-150000.3.31.1 updated - tftpboot-installation-SLE-15-SP4-aarch64-16.57.20-150400.2.37 updated - tftpboot-installation-SLE-15-SP4-ppc64le-16.57.20-150400.2.37 updated - tftpboot-installation-SLE-15-SP4-s390x-16.57.20-150400.2.37 updated - tftpboot-installation-SLE-15-SP4-x86_64-16.57.20-150400.2.37 updated - timezone-java-2022g-150000.75.18.1 updated - ucode-amd-20220509-150400.4.13.1 updated - util-linux-lang-2.37.2-150400.8.14.1 updated - vim-data-9.0.1234-150000.5.34.1 updated - vim-data-common-9.0.1234-150000.5.34.1 updated - xmlbeans-2.6.0-150000.5.3.1 updated - yast2-http-server-4.4.2-150400.3.3.1 updated - yast2-installation-4.4.58-150400.3.15.1 updated - yast2-network-4.4.55-150400.3.15.1 updated - yast2-online-update-4.4.4-150400.3.3.1 updated - yast2-online-update-frontend-4.4.4-150400.3.3.1 updated - yast2-security-4.4.18-150400.3.13.1 updated - OpenIPMI-2.0.31-150400.3.2.1 updated - OpenIPMI-devel-2.0.31-150400.3.2.1 updated - apache2-2.4.51-150400.6.6.1 updated - apache2-prefork-2.4.51-150400.6.6.1 updated - apache2-utils-2.4.51-150400.6.6.1 updated - apparmor-parser-3.0.4-150400.5.3.1 updated - apr-util-devel-1.6.1-150300.18.5.1 updated - audit-3.0.6-150400.4.6.1 updated - audit-audispd-plugins-3.0.6-150400.4.6.1 updated - bind-devel-9.16.6-150300.22.27.1 updated - bind-utils-9.16.37-150400.5.17.1 updated - binutils-2.39-150100.7.40.1 updated - binutils-devel-2.39-150100.7.40.1 updated - bluez-5.62-150400.4.8.1 updated - bluez-deprecated-5.62-150400.4.8.1 updated - busybox-1.35.0-150400.3.8.1 updated - busybox-static-1.35.0-150400.3.8.1 updated - c-ares-devel-1.19.0-150000.3.20.1 updated - clamav-0.103.8-150000.3.44.1 updated - clamav-devel-0.103.8-150000.3.44.1 updated - collectd-5.12.0-150400.3.2.1 updated - collectd-plugin-buddyinfo-5.12.0-150400.3.2.1 updated - collectd-plugin-connectivity-5.12.0-150400.3.2.1 updated - collectd-plugin-dbi-5.12.0-150400.3.2.1 updated - collectd-plugin-ipmi-5.12.0-150400.3.2.1 updated - collectd-plugin-java-5.12.0-150400.3.2.1 updated - collectd-plugin-logparser-5.12.0-150400.3.2.1 updated - collectd-plugin-lua-5.12.0-150400.3.2.1 updated - collectd-plugin-mcelog-5.12.0-150400.3.2.1 updated - collectd-plugin-memcachec-5.12.0-150400.3.2.1 updated - collectd-plugin-mysql-5.12.0-150400.3.2.1 updated - collectd-plugin-notify-desktop-5.12.0-150400.3.2.1 updated - collectd-plugin-nut-5.12.0-150400.3.2.1 updated - collectd-plugin-openldap-5.12.0-150400.3.2.1 updated - collectd-plugin-ovs-5.12.0-150400.3.2.1 updated - collectd-plugin-pcie-5.12.0-150400.3.2.1 updated - collectd-plugin-pinba-5.12.0-150400.3.2.1 updated - collectd-plugin-postgresql-5.12.0-150400.3.2.1 updated - collectd-plugin-procevent-5.12.0-150400.3.2.1 updated - collectd-plugin-python3-5.12.0-150400.3.2.1 updated - collectd-plugin-smart-5.12.0-150400.3.2.1 updated - collectd-plugin-snmp-5.12.0-150400.3.2.1 updated - collectd-plugin-synproxy-5.12.0-150400.3.2.1 updated - collectd-plugin-sysevent-5.12.0-150400.3.2.1 updated - collectd-plugin-ubi-5.12.0-150400.3.2.1 updated - collectd-plugin-uptime-5.12.0-150400.3.2.1 updated - collectd-plugin-virt-5.12.0-150400.3.2.1 updated - collectd-plugin-write_influxdb_udp-5.12.0-150400.3.2.1 updated - collectd-plugin-write_stackdriver-5.12.0-150400.3.2.1 updated - collectd-plugin-write_syslog-5.12.0-150400.3.2.1 updated - collectd-plugins-all-5.12.0-150400.3.2.1 updated - collectd-spamassassin-5.12.0-150400.3.2.1 updated - collectd-web-5.12.0-150400.3.2.1 updated - collectd-web-js-5.12.0-150400.3.2.1 updated - curl-7.79.1-150400.5.15.1 updated - db48-utils-4.8.30-150000.7.6.1 updated - dconf-0.40.0-150400.3.3.2 updated - device-mapper-2.03.05_1.02.163-150400.185.1 updated - device-mapper-devel-2.03.05_1.02.163-150400.185.1 updated - dhcp-4.3.6.P1-150000.6.17.1 updated - dhcp-client-4.3.6.P1-150000.6.17.1 updated - dhcp-devel-4.3.6.P1-150000.6.17.1 updated - dracut-055+suse.331.g05b9ccb7-150400.3.16.1 updated - dracut-fips-055+suse.331.g05b9ccb7-150400.3.16.1 updated - dracut-ima-055+suse.331.g05b9ccb7-150400.3.16.1 updated - dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 updated - emacs-27.2-150400.3.3.1 updated - emacs-nox-27.2-150400.3.3.1 updated - etags-27.2-150400.3.3.1 updated - expat-2.4.4-150400.3.12.1 updated - gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 updated - git-core-2.35.3-150300.10.24.1 updated - glib2-devel-2.70.5-150400.3.3.1 updated - glib2-tools-2.70.5-150400.3.3.1 updated - gnutls-3.7.3-150400.4.27.1 updated - graphite2-devel-1.3.11-150000.4.3.1 updated - grub2-2.06-150400.11.17.1 updated - gsettings-backend-dconf-0.40.0-150400.3.3.2 updated - gstreamer-plugins-good-1.20.1-150400.3.3.1 updated - hplip-devel-3.21.10-150400.3.5.1 updated - hplip-hpijs-3.21.10-150400.3.5.1 updated - hplip-sane-3.21.10-150400.3.5.1 updated - hwinfo-21.84-150400.3.9.1 updated - hwinfo-devel-21.84-150400.3.9.1 updated - hyper-v-8-150200.14.8.1 updated - ipset-7.15-150400.12.3.2 updated - ipset-devel-7.15-150400.12.3.2 updated - iputils-20211215-150400.3.3.2 updated - irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1 updated - java-11-openjdk-11.0.17.0-150000.3.86.2 updated - java-11-openjdk-demo-11.0.17.0-150000.3.86.2 updated - java-11-openjdk-devel-11.0.17.0-150000.3.86.2 updated - java-11-openjdk-headless-11.0.17.0-150000.3.86.2 updated - java-17-openjdk-17.0.6.0-150400.3.12.1 updated - java-17-openjdk-demo-17.0.6.0-150400.3.12.1 updated - java-17-openjdk-devel-17.0.6.0-150400.3.12.1 updated - java-17-openjdk-headless-17.0.6.0-150400.3.12.1 updated - kdump-1.0.2+git18.g615d6ab-150400.3.8.1 updated - kernel-default-5.14.21-150400.24.46.1 updated - kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3 updated - kernel-default-devel-5.14.21-150400.24.46.1 updated - krb5-1.19.2-150400.3.3.1 updated - krb5-32bit-1.19.2-150400.3.3.1 updated - krb5-client-1.19.2-150400.3.3.1 updated - krb5-devel-1.19.2-150400.3.3.1 updated - krb5-plugin-preauth-otp-1.19.2-150400.3.3.1 updated - krb5-plugin-preauth-pkinit-1.19.2-150400.3.3.1 updated - less-590-150400.3.3.1 updated - libLLVM11-11.0.1-150300.3.6.1 updated - libLLVM11-32bit-11.0.1-150300.3.6.1 updated - libLLVM9-9.0.1-150200.3.6.1 updated - libOpenIPMI0-2.0.31-150400.3.2.1 updated - libX11-6-1.6.5-150000.3.24.1 updated - libX11-6-32bit-1.6.5-150000.3.24.1 updated - libX11-devel-1.6.5-150000.3.24.1 updated - libX11-xcb1-1.6.5-150000.3.24.1 updated - libX11-xcb1-32bit-1.6.5-150000.3.24.1 updated - libXpm-devel-3.5.12-150000.3.7.2 updated - libXpm4-3.5.12-150000.3.7.2 updated - libapparmor-devel-3.0.4-150400.5.3.1 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libapparmor1-32bit-3.0.4-150400.5.3.1 updated - libapr-util1-1.6.1-150300.18.5.1 updated - libarchive-devel-3.5.1-150400.3.12.1 updated - libarchive13-3.5.1-150400.3.12.1 updated - libasan8-12.2.1+git416-150000.1.5.1 added - libasan8-32bit-12.2.1+git416-150000.1.5.1 added - libatomic1-12.2.1+git416-150000.1.5.1 updated - libatomic1-32bit-12.2.1+git416-150000.1.5.1 updated - libbind9-1600-9.16.6-150300.22.27.1 updated - libblkid-devel-2.37.2-150400.8.14.1 updated - libblkid-devel-static-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libblkid1-32bit-2.37.2-150400.8.14.1 updated - libbluetooth3-5.62-150400.4.8.1 updated - libbpf0-0.5.0-150400.3.3.1 updated - libc++-devel-11.0.1-150300.3.6.1 updated - libc++1-11.0.1-150300.3.6.1 updated - libc++abi-devel-11.0.1-150300.3.6.1 updated - libc++abi1-11.0.1-150300.3.6.1 updated - libcares2-1.19.0-150000.3.20.1 updated - libclamav9-0.103.8-150000.3.44.1 updated - libclang9-9.0.1-150200.3.6.1 updated - libcollectdclient-devel-5.12.0-150400.3.2.1 updated - libcollectdclient1-5.12.0-150400.3.2.1 updated - libctf-nobfd0-2.39-150100.7.40.1 updated - libctf0-2.39-150100.7.40.1 updated - libcurl-devel-7.79.1-150400.5.15.1 updated - libcurl4-32bit-7.79.1-150400.5.15.1 updated - libcurl4-7.79.1-150400.5.15.1 updated - libdb-4_8-32bit-4.8.30-150000.7.6.1 updated - libdb-4_8-4.8.30-150000.7.6.1 updated - libdb-4_8-devel-4.8.30-150000.7.6.1 updated - libdconf1-0.40.0-150400.3.3.2 updated - libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libdevmapper1_03-32bit-2.03.05_1.02.163-150400.185.1 updated - libdns1605-9.16.6-150300.22.27.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libexpat-devel-2.4.4-150400.3.12.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libexpat1-32bit-2.4.4-150400.3.12.1 updated - libfdisk-devel-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libfreebl3-3.79.4-150400.3.26.1 updated - libfreebl3-32bit-3.79.4-150400.3.26.1 updated - libfreebl3-hmac-3.79.4-150400.3.26.1 updated - libfreebl3-hmac-32bit-3.79.4-150400.3.26.1 updated - libfreshclam2-0.103.8-150000.3.44.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgcc_s1-32bit-12.2.1+git416-150000.1.5.1 updated - libgfortran5-12.2.1+git416-150000.1.5.1 updated - libgfortran5-32bit-12.2.1+git416-150000.1.5.1 updated - libgio-2_0-0-2.70.5-150400.3.3.1 updated - libgio-2_0-0-32bit-2.70.5-150400.3.3.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libglib-2_0-0-32bit-2.70.5-150400.3.3.1 updated - libgmodule-2_0-0-2.70.5-150400.3.3.1 updated - libgmodule-2_0-0-32bit-2.70.5-150400.3.3.1 updated - libgnutls-devel-3.7.3-150400.4.27.1 updated - libgnutls30-3.7.3-150400.4.27.1 updated - libgnutls30-32bit-3.7.3-150400.4.27.1 updated - libgnutls30-hmac-3.7.3-150400.4.27.1 updated - libgnutls30-hmac-32bit-3.7.3-150400.4.27.1 updated - libgnutlsxx-devel-3.7.3-150400.4.27.1 updated - libgnutlsxx28-3.7.3-150400.4.27.1 updated - libgobject-2_0-0-2.70.5-150400.3.3.1 updated - libgobject-2_0-0-32bit-2.70.5-150400.3.3.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libgomp1-32bit-12.2.1+git416-150000.1.5.1 updated - libgraphite2-3-1.3.11-150000.4.3.1 updated - libgraphite2-3-32bit-1.3.11-150000.4.3.1 updated - libgthread-2_0-0-2.70.5-150400.3.3.1 updated - libgtk-vnc-2_0-0-1.3.1-150400.3.3.1 updated - libgvnc-1_0-0-1.3.1-150400.3.3.1 updated - libhandle1-5.13.0-150400.3.3.1 updated - libipa_hbac-devel-2.5.2-150400.4.11.1 updated - libipa_hbac0-2.5.2-150400.4.11.1 updated - libipset13-7.15-150400.12.3.2 added - libirs-devel-9.16.6-150300.22.27.1 updated - libirs1601-9.16.6-150300.22.27.1 updated - libisc1606-9.16.6-150300.22.27.1 updated - libisccc1600-9.16.6-150300.22.27.1 updated - libisccfg1600-9.16.6-150300.22.27.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - libitm1-32bit-12.2.1+git416-150000.1.5.1 updated - libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2 updated - libksba-devel-1.3.5-150000.4.6.1 updated - libksba8-1.3.5-150000.4.6.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - liblvm2cmd2_03-2.03.05-150400.185.1 updated - libmilter1_0-8.15.2-150000.8.9.1 updated - libminizip1-1.2.11-150000.3.39.1 updated - libmount-devel-2.37.2-150400.8.14.1 updated - libmount1-2.37.2-150400.8.14.1 updated - libmount1-32bit-2.37.2-150400.8.14.1 updated - libnotify4-0.7.12-150400.3.3.1 updated - libns1604-9.16.6-150300.22.27.1 updated - libnvme-devel-1.0-150400.3.12.1 updated - libnvme1-1.0-150400.3.12.1 updated - libobjc4-12.2.1+git416-150000.1.5.1 updated - libobjc4-32bit-12.2.1+git416-150000.1.5.1 updated - libopenscap25-1.3.6-150400.11.3.1 updated - libopenssl-1_1-devel-1.1.1l-150400.7.22.1 updated - libopenssl-1_1-devel-32bit-1.1.1l-150400.7.22.1 updated - libopenssl-3-devel-3.0.1-150400.4.17.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-32bit-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-32bit-1.1.1l-150400.7.22.1 updated - libopenssl3-3.0.1-150400.4.17.1 updated - libpainter0-0.9.13.1-150200.4.18.1 updated - libpfm-devel-4.11.0-150400.5.3.1 updated - libpfm4-4.11.0-150400.5.3.1 updated - libpixman-1-0-0.40.0-150400.3.3.1 updated - libpixman-1-0-devel-0.40.0-150400.3.3.1 updated - libply-boot-client5-0.9.5~git20210406.e554475-150400.3.8.1 updated - libply-splash-core5-0.9.5~git20210406.e554475-150400.3.8.1 updated - libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.8.1 updated - libply5-0.9.5~git20210406.e554475-150400.3.8.1 updated - libpoppler-cpp0-22.01.0-150400.3.3.1 updated - libpoppler-devel-22.01.0-150400.3.3.1 updated - libpoppler-glib-devel-22.01.0-150400.3.3.1 updated - libpoppler-glib8-22.01.0-150400.3.3.1 updated - libpoppler117-22.01.0-150400.3.3.1 updated - libpq5-15.1-150200.5.3.2 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libprotobuf20-3.9.2-150200.4.19.2 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libquadmath0-12.2.1+git416-150000.1.5.1 updated - libquadmath0-32bit-12.2.1+git416-150000.1.5.1 updated - librfxencode0-0.9.13.1-150200.4.18.1 updated - librsvg-2-2-2.52.9-150400.3.3.1 updated - libsamba-policy-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - libsecret-1-0-0.20.5-150400.4.3.1 updated - libsecret-devel-0.20.5-150400.4.3.1 updated - libsmartcols-devel-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libsnmp40-5.9.3-150300.15.8.1 added - libsodium-devel-1.0.18-150000.4.6.1 updated - libsodium23-1.0.18-150000.4.6.1 updated - libsodium23-32bit-1.0.18-150000.4.6.1 updated - libsoftokn3-3.79.4-150400.3.26.1 updated - libsoftokn3-32bit-3.79.4-150400.3.26.1 updated - libsoftokn3-hmac-3.79.4-150400.3.26.1 updated - libsoftokn3-hmac-32bit-3.79.4-150400.3.26.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsqlite3-0-32bit-3.39.3-150000.3.20.1 updated - libsss_certmap-devel-2.5.2-150400.4.11.1 updated - libsss_certmap0-2.5.2-150400.4.11.1 updated - libsss_idmap-devel-2.5.2-150400.4.11.1 updated - libsss_idmap0-2.5.2-150400.4.11.1 updated - libsss_nss_idmap-devel-2.5.2-150400.4.11.1 updated - libsss_nss_idmap0-2.5.2-150400.4.11.1 updated - libsss_simpleifp-devel-2.5.2-150400.4.11.1 updated - libsss_simpleifp0-2.5.2-150400.4.11.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libstdc++6-32bit-12.2.1+git416-150000.1.5.1 updated - libstdc++6-locale-12.2.1+git416-150000.1.5.1 updated - libstdc++6-pp-12.2.1+git416-150000.1.5.1 added - libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1 added - libsuseconnect-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - libsystemd0-249.15-150400.8.22.1 updated - libsystemd0-32bit-249.15-150400.8.22.1 updated - libteam-devel-1.27-150000.4.6.1 updated - libteam5-1.27-150000.4.6.1 updated - libteamdctl0-1.27-150000.4.6.1 updated - libtiff-devel-4.0.9-150000.45.25.1 updated - libtiff5-32bit-4.0.9-150000.45.25.1 updated - libtiff5-4.0.9-150000.45.25.1 updated - libtirpc-devel-1.2.6-150300.3.17.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libtirpc3-32bit-1.2.6-150300.3.17.1 updated - libtsan2-12.2.1+git416-150000.1.5.1 added - libubsan1-12.2.1+git416-150000.1.5.1 updated - libubsan1-32bit-12.2.1+git416-150000.1.5.1 updated - libudev1-249.15-150400.8.22.1 updated - libudev1-32bit-249.15-150400.8.22.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libusb-1_0-devel-1.0.24-150400.3.3.1 updated - libuuid-devel-2.37.2-150400.8.14.1 updated - libuuid-devel-static-2.37.2-150400.8.14.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libuuid1-32bit-2.37.2-150400.8.14.1 updated - libuv-devel-1.18.0-150400.11.3.1 updated - libuv1-1.18.0-150400.11.3.1 updated - libvirt-libs-8.0.0-150400.7.3.1 updated - libvmtools-devel-12.1.0-150300.21.2 updated - libvmtools0-12.1.0-150300.21.2 updated - libvpd-2_2-3-2.2.9-150200.5.3.1 added - libvpd-base-2.2.9-150200.5.3.1 added - libvpd-devel-2.2.9-150200.5.3.1 added - libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2 updated - libwireshark15-3.6.11-150000.3.83.1 updated - libwiretap12-3.6.11-150000.3.83.1 updated - libwsutil13-3.6.11-150000.3.83.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libxml2-2-32bit-2.9.14-150400.5.13.1 updated - libxml2-devel-2.9.14-150400.5.13.1 updated - libxml2-tools-2.9.14-150400.5.13.1 updated - libz1-1.2.11-150000.3.39.1 updated - libz1-32bit-1.2.11-150000.3.39.1 updated - linux-glibc-devel-5.14-150400.6.3.1 updated - lvm2-2.03.05-150400.185.1 updated - lvm2-devel-2.03.05-150400.185.1 updated - mdadm-4.1-150300.24.21.1 updated - minizip-devel-1.2.11-150000.3.39.1 updated - mlocate-0.26-150400.16.3.1 updated - mozilla-nspr-32bit-4.34.1-150000.3.26.1 updated - mozilla-nspr-4.34.1-150000.3.26.1 updated - mozilla-nspr-devel-4.34.1-150000.3.26.1 updated - mozilla-nss-3.79.4-150400.3.26.1 updated - mozilla-nss-32bit-3.79.4-150400.3.26.1 updated - mozilla-nss-certs-3.79.4-150400.3.26.1 updated - mozilla-nss-certs-32bit-3.79.4-150400.3.26.1 updated - mozilla-nss-devel-3.79.4-150400.3.26.1 updated - mozilla-nss-sysinit-3.79.4-150400.3.26.1 updated - mozilla-nss-tools-3.79.4-150400.3.26.1 updated - net-snmp-5.9.3-150300.15.8.1 updated - net-snmp-devel-5.9.3-150300.15.8.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - nfs-doc-2.1.1-150100.10.27.1 updated - nfs-kernel-server-2.1.1-150100.10.27.1 updated - nfsidmap-0.26-150000.3.7.1 updated - nfsidmap-devel-0.26-150000.3.7.1 updated - nvme-cli-2.0-150400.3.12.1 updated - nvme-cli-bash-completion-2.0-150400.3.12.1 updated - nvme-cli-zsh-completion-2.0-150400.3.12.1 updated - nvme-stas-1.1.8-150400.3.6.1 updated - open-vm-tools-12.1.0-150300.21.2 updated - open-vm-tools-sdmp-12.1.0-150300.21.2 updated - openscap-1.3.6-150400.11.3.1 updated - openscap-containers-1.3.6-150400.11.3.1 updated - openscap-content-1.3.6-150400.11.3.1 updated - openscap-devel-1.3.6-150400.11.3.1 updated - openscap-utils-1.3.6-150400.11.3.1 updated - openssh-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-helpers-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1l-150400.7.22.1 updated - openssl-3-3.0.1-150400.4.17.1 updated - p7zip-16.02-150200.14.9.2 updated - p7zip-full-16.02-150200.14.9.2 updated - pam-1.3.0-150000.6.61.1 updated - pam-32bit-1.3.0-150000.6.61.1 updated - pam-devel-1.3.0-150000.6.61.1 updated - pam-extra-1.3.0-150000.6.61.1 updated - pam-extra-32bit-1.3.0-150000.6.61.1 updated - pam_apparmor-3.0.4-150400.5.3.1 updated - pam_apparmor-32bit-3.0.4-150400.5.3.1 updated - pam_saslauthd-0.1.0~1-150400.9.4.1 added - perl-DBD-SQLite-1.66-150300.3.6.1 updated - perl-SNMP-5.9.3-150300.15.8.1 updated - pesign-0.112-150000.4.15.1 updated - pesign-obs-integration-10.2+git20210804.ff18da1-150400.3.5.1 updated - plymouth-0.9.5~git20210406.e554475-150400.3.8.1 updated - plymouth-devel-0.9.5~git20210406.e554475-150400.3.8.1 updated - plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.8.1 updated - plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.8.1 updated - plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.8.1 updated - poppler-tools-22.01.0-150400.3.3.1 updated - postgresql14-14.6-150200.5.20.2 updated - postgresql15-15.1-150200.5.3.2 added - procps-3.3.15-150000.7.28.1 updated - procps-devel-3.3.15-150000.7.28.1 updated - python3-3.6.15-150300.10.37.2 updated - python3-PyNaCl-1.4.0-150000.3.6.6 updated - python3-apparmor-3.0.4-150400.5.3.1 updated - python3-audit-3.0.6-150400.4.6.1 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-cairo-1.15.1-150000.3.8.1 updated - python3-curses-3.6.15-150300.10.37.2 updated - python3-dbm-3.6.15-150300.10.37.2 updated - python3-devel-3.6.15-150300.10.37.2 updated - python3-gobject-3.42.2-150400.3.3.2 updated - python3-gobject-Gdk-3.42.2-150400.3.3.2 updated - python3-gobject-cairo-3.42.2-150400.3.3.2 updated - python3-idle-3.6.15-150300.10.37.2 updated - python3-libnvme-1.0-150400.3.12.1 updated - python3-libxml2-2.9.14-150400.5.13.1 updated - python3-msgpack-0.5.6-150100.3.3.1 updated - python3-rpm-4.14.3-150300.52.1 updated - python3-salt-3004-150400.8.20.1 updated - python3-sssd-config-2.5.2-150400.4.11.1 updated - python3-tk-3.6.15-150300.10.37.2 updated - rekor-1.0.1-150400.4.6.1 updated - rpm-32bit-4.14.3-150300.52.1 updated - rpm-4.14.3-150300.52.1 updated - rpm-devel-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150400.5.11.1 updated - ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1 updated - salt-3004-150400.8.20.1 updated - salt-doc-3004-150400.8.20.1 updated - salt-minion-3004-150400.8.20.1 updated - samba-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-ceph-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-client-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-dsdb-modules-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-gpupdate-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-ldb-ldap-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-libs-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-tool-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-winbind-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - samba-winbind-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - shadow-4.8.1-150400.10.3.1 updated - snmp-mibs-5.9.3-150300.15.8.1 updated - sqlite3-3.39.3-150000.3.20.1 updated - sqlite3-devel-3.39.3-150000.3.20.1 updated - sqlite3-tcl-3.39.3-150000.3.20.1 updated - ssg-apply-1.0-150000.1.3.1 added - sssd-2.5.2-150400.4.11.1 updated - sssd-ad-2.5.2-150400.4.11.1 updated - sssd-common-2.5.2-150400.4.11.1 updated - sssd-common-32bit-2.5.2-150400.4.11.1 updated - sssd-dbus-2.5.2-150400.4.11.1 updated - sssd-ipa-2.5.2-150400.4.11.1 updated - sssd-kcm-2.5.2-150400.4.11.1 updated - sssd-krb5-2.5.2-150400.4.11.1 updated - sssd-krb5-common-2.5.2-150400.4.11.1 updated - sssd-ldap-2.5.2-150400.4.11.1 updated - sssd-proxy-2.5.2-150400.4.11.1 updated - sssd-tools-2.5.2-150400.4.11.1 updated - sssd-winbind-idmap-2.5.2-150400.4.11.1 updated - strongswan-5.8.2-150400.19.3.3 updated - strongswan-hmac-5.8.2-150400.19.3.3 updated - strongswan-ipsec-5.8.2-150400.19.3.3 updated - strongswan-libs0-5.8.2-150400.19.3.3 updated - sudo-1.9.9-150400.4.12.1 updated - sudo-devel-1.9.9-150400.4.12.1 updated - sudo-plugin-python-1.9.9-150400.4.12.1 updated - suse-module-tools-15.4.15-150400.3.5.1 updated - suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - suseconnect-ruby-bindings-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - system-group-audit-3.0.6-150400.4.6.1 updated - systemd-249.15-150400.8.22.1 updated - systemd-32bit-249.15-150400.8.22.1 updated - systemd-container-249.15-150400.8.22.1 updated - systemd-coredump-249.15-150400.8.22.1 updated - systemd-devel-249.15-150400.8.22.1 updated - systemd-doc-249.15-150400.8.22.1 updated - systemd-sysvinit-249.15-150400.8.22.1 updated - tar-1.34-150000.3.31.1 updated - tar-rmt-1.34-150000.3.31.1 updated - tcl-32bit-8.6.12-150300.14.6.1 updated - tcl-8.6.12-150300.14.6.1 updated - tcl-devel-8.6.12-150300.14.6.1 updated - timezone-2022g-150000.75.18.1 updated - typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2 updated - typelib-1_0-Poppler-0_18-22.01.0-150400.3.3.1 updated - typelib-1_0-Secret-1-0.20.5-150400.4.3.1 updated - typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2 updated - typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150400.4.34.2 updated - udev-249.15-150400.8.22.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-2.37.2-150400.8.14.1 updated - util-linux-systemd-2.37.2-150400.8.14.1 updated - vim-9.0.1234-150000.5.34.1 updated - vim-small-9.0.1234-150000.5.34.1 updated - w3m-0.5.3+git20180125-150000.3.3.1 updated - webkit2gtk-4_0-injected-bundles-2.38.5-150400.4.34.2 updated - webkit2gtk3-soup2-devel-2.38.5-150400.4.34.2 updated - wget-1.20.3-150000.3.15.1 updated - wicked-0.6.70-150400.3.3.1 updated - wicked-service-0.6.70-150400.3.3.1 updated - wireshark-3.6.11-150000.3.83.1 updated - xen-libs-4.16.3_02-150400.4.19.1 updated - xen-tools-domU-4.16.3_02-150400.4.19.1 updated - xfsprogs-5.13.0-150400.3.3.1 updated - xfsprogs-devel-5.13.0-150400.3.3.1 updated - xorg-x11-server-1.20.3-150400.38.16.1 updated - xorg-x11-server-extra-1.20.3-150400.38.16.1 updated - xrdp-0.9.13.1-150200.4.18.1 updated - xrdp-devel-0.9.13.1-150200.4.18.1 updated - xterm-330-150200.11.9.1 updated - xterm-bin-330-150200.11.9.1 updated - yast2-bootloader-4.4.18-150400.3.3.1 updated - yast2-country-4.4.13-150400.3.3.1 updated - yast2-country-data-4.4.13-150400.3.3.1 updated - yast2-packager-4.4.33-150400.3.7.2 updated - yast2-pkg-bindings-4.4.5-150400.3.3.1 updated - yast2-schema-default-4.4.15-150400.3.9.1 updated - yast2-storage-ng-4.4.41-150400.3.6.1 updated - yast2-update-4.4.8-150400.3.6.1 updated - yast2-users-4.4.12-150400.3.6.1 updated - zlib-devel-1.2.11-150000.3.39.1 updated - zlib-devel-static-1.2.11-150000.3.39.1 updated - docker-bash-completion-20.10.17_ce-150000.169.1 updated - helm-bash-completion-3.10.3-150000.1.13.1 updated - helm-zsh-completion-3.10.3-150000.1.13.1 updated - podman-cni-config-4.3.1-150400.4.11.1 updated - podman-docker-4.3.1-150400.4.11.1 updated - buildah-1.28.2-150400.3.11.1 updated - catatonit-0.1.7-150300.10.3.1 updated - cni-0.7.1-150100.3.8.1 updated - cni-plugins-0.8.6-150100.3.11.1 updated - conmon-2.1.5-150400.3.3.1 updated - container-suseconnect-2.4.0-150000.4.22.1 updated - containerd-1.6.12-150000.79.1 updated - containerd-ctr-1.6.12-150000.79.1 updated - containerized-data-importer-manifests-1.51.0-150400.4.7.1 updated - docker-20.10.17_ce-150000.169.1 updated - helm-3.10.3-150000.1.13.1 updated - kubevirt-manifests-0.54.0-150400.3.7.1 updated - kubevirt-virtctl-0.54.0-150400.3.7.1 updated - libnvidia-container-devel-1.11.0-150200.5.6.1 updated - libnvidia-container-static-1.11.0-150200.5.6.1 updated - libnvidia-container-tools-1.11.0-150200.5.6.1 updated - libnvidia-container1-1.11.0-150200.5.6.1 updated - nvidia-container-toolkit-1.11.0-150200.5.6.1 updated - podman-4.3.1-150400.4.11.1 updated - podman-remote-4.3.1-150400.4.11.1 updated - runc-1.1.4-150000.36.1 updated - PackageKit-lang-1.2.4-150400.3.6.1 updated - eog-lang-41.2-150400.3.3.2 updated - evince-lang-41.4-150400.3.3.3 updated - gcr-lang-3.41.1-150400.3.3.1 updated - gnome-control-center-lang-41.7-150400.3.3.1 updated - gnome-desktop-lang-41.8-150400.3.3.1 updated - gnome-session-lang-41.3-150400.3.3.1 updated - gnome-shell-lang-41.9-150400.3.3.2 updated - gnome-software-lang-41.5-150400.3.3.2 updated - gnome-terminal-lang-3.42.3-150400.3.3.1 updated - gnome-user-docs-41.5-150400.3.3.1 updated - gnome-user-docs-lang-41.5-150400.3.3.1 updated - gspell-lang-1.10.0-150400.3.3.1 updated - gvfs-lang-1.48.2-150400.4.6.1 updated - libpeas-lang-1.32.0-150400.4.3.2 updated - libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1 updated - mutter-lang-41.9-150400.3.6.1 updated - nautilus-lang-41.5-150400.3.6.1 updated - orca-41.3-150400.3.3.1 updated - orca-lang-41.3-150400.3.3.1 updated - xdg-desktop-portal-gnome-lang-41.2-150400.3.3.1 updated - ImageMagick-7.1.0.9-150400.6.12.1 updated - ImageMagick-config-7-SUSE-7.1.0.9-150400.6.12.1 updated - ImageMagick-config-7-upstream-7.1.0.9-150400.6.12.1 updated - ImageMagick-devel-7.1.0.9-150400.6.12.1 updated - MozillaFirefox-102.8.0-150200.152.78.1 updated - MozillaFirefox-devel-102.8.0-150200.152.78.1 updated - MozillaFirefox-translations-common-102.8.0-150200.152.78.1 updated - MozillaFirefox-translations-other-102.8.0-150200.152.78.1 updated - PackageKit-1.2.4-150400.3.6.1 updated - PackageKit-backend-zypp-1.2.4-150400.3.6.1 updated - PackageKit-devel-1.2.4-150400.3.6.1 updated - atkmm1_6-devel-2.28.3-150400.4.3.1 updated - bluez-devel-5.62-150400.4.8.1 updated - dconf-devel-0.40.0-150400.3.3.2 updated - emacs-x11-27.2-150400.3.3.1 updated - eog-41.2-150400.3.3.2 updated - eog-devel-41.2-150400.3.3.2 updated - evince-41.4-150400.3.3.3 updated - evince-devel-41.4-150400.3.3.3 updated - evince-plugin-djvudocument-41.4-150400.3.3.3 updated - evince-plugin-dvidocument-41.4-150400.3.3.3 updated - evince-plugin-pdfdocument-41.4-150400.3.3.3 updated - evince-plugin-psdocument-41.4-150400.3.3.3 updated - evince-plugin-tiffdocument-41.4-150400.3.3.3 updated - evince-plugin-xpsdocument-41.4-150400.3.3.3 updated - gcr-data-3.41.1-150400.3.3.1 updated - gcr-prompter-3.41.1-150400.3.3.1 updated - gcr-ssh-agent-3.41.1-150400.3.3.1 updated - gcr-ssh-askpass-3.41.1-150400.3.3.1 updated - gcr-viewer-3.41.1-150400.3.3.1 updated - geocode-glib-3.26.4-150400.3.3.2 updated - geocode-glib-devel-3.26.4-150400.3.3.2 updated - gjs-1.70.2-150400.3.3.1 updated - gnome-control-center-41.7-150400.3.3.1 updated - gnome-control-center-devel-41.7-150400.3.3.1 updated - gnome-extensions-41.9-150400.3.3.2 updated - gnome-session-41.3-150400.3.3.1 updated - gnome-session-core-41.3-150400.3.3.1 updated - gnome-session-default-session-41.3-150400.3.3.1 updated - gnome-shell-41.9-150400.3.3.2 updated - gnome-shell-devel-41.9-150400.3.3.2 updated - gnome-shell-search-provider-gnome-terminal-3.42.3-150400.3.3.1 updated - gnome-shell-search-provider-nautilus-41.5-150400.3.6.1 updated - gnome-software-41.5-150400.3.3.2 updated - gnome-software-devel-41.5-150400.3.3.2 updated - gnome-terminal-3.42.3-150400.3.3.1 updated - gnome-version-41.8-150400.3.3.1 updated - gspell-devel-1.10.0-150400.3.3.1 updated - gtkmm3-devel-3.24.6-150400.3.3.1 updated - gvfs-1.48.2-150400.4.6.1 updated - gvfs-backend-afc-1.48.2-150400.4.6.1 updated - gvfs-backend-samba-1.48.2-150400.4.6.1 updated - gvfs-backends-1.48.2-150400.4.6.1 updated - gvfs-devel-1.48.2-150400.4.6.1 updated - gvfs-fuse-1.48.2-150400.4.6.1 updated - gvim-9.0.1234-150000.5.34.1 updated - hplip-3.21.10-150400.3.5.1 updated - libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.12.1 updated - libMagick++-devel-7.1.0.9-150400.6.12.1 updated - libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.12.1 updated - libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.12.1 updated - libMrm4-2.3.4-150000.3.8.1 updated - libMrm4-32bit-2.3.4-150000.3.8.1 updated - libSDL2-2_0-0-2.0.8-150200.11.9.1 updated - libSDL2-devel-2.0.8-150200.11.9.1 updated - libUil4-2.3.4-150000.3.8.1 updated - libUil4-32bit-2.3.4-150000.3.8.1 updated - libXm4-2.3.4-150000.3.8.1 updated - libXm4-32bit-2.3.4-150000.3.8.1 updated - libatkmm-1_6-1-2.28.3-150400.4.3.1 updated - libavcodec57-3.4.2-150200.11.25.1 updated - libavcodec58_134-4.4-150400.3.11.1 updated - libavformat57-3.4.2-150200.11.25.1 updated - libavformat58_76-4.4-150400.3.11.1 updated - libavresample3-3.4.2-150200.11.25.1 updated - libavutil-devel-3.4.2-150200.11.25.1 updated - libavutil55-3.4.2-150200.11.25.1 updated - libavutil56_70-4.4-150400.3.11.1 updated - libcapnp-0_9-0.9.1-150400.3.4.1 updated - libevdocument3-4-41.4-150400.3.3.3 updated - libevview3-3-41.4-150400.3.3.3 updated - libexiv2-26-0.26-150400.9.21.1 updated - libexiv2-27-0.27.5-150400.15.4.1 added - libexiv2-devel-0.27.5-150400.15.4.1 updated - libexiv2-xmp-static-0.27.5-150400.15.4.1 added - libgck-1-0-3.41.1-150400.3.3.1 updated - libgck-devel-3.41.1-150400.3.3.1 updated - libgcr-3-1-3.41.1-150400.3.3.1 updated - libgcr-devel-3.41.1-150400.3.3.1 updated - libgeocode-glib0-3.26.4-150400.3.3.2 updated - libgexiv2-2-0.14.0-150400.4.2.1 updated - libgjs-devel-1.70.2-150400.3.3.1 updated - libgjs0-1.70.2-150400.3.3.1 updated - libgnome-desktop-3-19-41.8-150400.3.3.1 updated - libgnome-desktop-3-devel-41.8-150400.3.3.1 updated - libgnome-desktop-3_0-common-41.8-150400.3.3.1 updated - libgsf-1-114-1.14.50-150400.3.3.1 updated - libgspell-1-2-1.10.0-150400.3.3.1 updated - libgtkmm-3_0-1-3.24.6-150400.3.3.1 updated - libjavascriptcoregtk-4_1-0-2.38.5-150400.4.34.2 updated - libnautilus-extension1-41.5-150400.3.6.1 updated - libnma0-1.8.40-150400.3.3.1 updated - libnotify-devel-0.7.12-150400.3.3.1 updated - libnotify-tools-0.7.12-150400.3.3.1 updated - libopenjpeg1-1.5.2-150000.4.10.1 updated - libpackagekit-glib2-18-1.2.4-150400.3.6.1 updated - libpackagekit-glib2-devel-1.2.4-150400.3.6.1 updated - libpeas-1_0-0-1.32.0-150400.4.3.2 updated - libpeas-devel-1.32.0-150400.4.3.2 updated - libpeas-gtk-1_0-0-1.32.0-150400.4.3.2 updated - libpeas-loader-python3-1.32.0-150400.4.3.2 updated - libpixman-1-0-32bit-0.40.0-150400.3.3.1 updated - libpostproc-devel-3.4.2-150200.11.25.1 updated - libpostproc54-3.4.2-150200.11.25.1 updated - libpostproc55_9-4.4-150400.3.11.1 added - librsvg-devel-2.52.9-150400.3.3.1 updated - libswresample-devel-3.4.2-150200.11.25.1 updated - libswresample2-3.4.2-150200.11.25.1 updated - libswresample3_9-4.4-150400.3.11.1 updated - libswscale-devel-3.4.2-150200.11.25.1 updated - libswscale4-3.4.2-150200.11.25.1 updated - libwebkit2gtk-4_1-0-2.38.5-150400.4.34.2 updated - libwireplumber-0_4-0-0.4.9-150400.3.3.2 updated - motif-2.3.4-150000.3.8.1 updated - motif-devel-2.3.4-150000.3.8.1 updated - mutter-41.9-150400.3.6.1 updated - mutter-devel-41.9-150400.3.6.1 updated - nautilus-41.5-150400.3.6.1 updated - nautilus-devel-41.5-150400.3.6.1 updated - nautilus-evince-41.4-150400.3.3.3 updated - nautilus-extension-terminal-3.42.3-150400.3.3.1 updated - open-vm-tools-desktop-12.1.0-150300.21.2 updated - openjpeg-devel-1.5.2-150000.4.10.1 updated - openssh-askpass-gnome-8.4p1-150300.3.15.2 updated - python-cairo-common-devel-1.15.1-150000.3.8.1 updated - python3-cairo-devel-1.15.1-150000.3.8.1 updated - sane-backends-1.0.32-150400.15.2.1 updated - sane-backends-autoconfig-1.0.32-150400.15.2.1 updated - sane-backends-devel-1.0.32-150400.15.2.1 updated - tracker-miner-files-3.2.2-150400.3.3.1 updated - tracker-miners-3.2.2-150400.3.3.1 updated - typelib-1_0-EvinceDocument-3_0-41.4-150400.3.3.3 updated - typelib-1_0-EvinceView-3_0-41.4-150400.3.3.3 updated - typelib-1_0-Gck-1-3.41.1-150400.3.3.1 updated - typelib-1_0-Gcr-3-3.41.1-150400.3.3.1 updated - typelib-1_0-GcrUi-3-3.41.1-150400.3.3.1 updated - typelib-1_0-GeocodeGlib-1_0-3.26.4-150400.3.3.2 updated - typelib-1_0-GjsPrivate-1_0-1.70.2-150400.3.3.1 updated - typelib-1_0-GnomeDesktop-3_0-41.8-150400.3.3.1 updated - typelib-1_0-Gspell-1-1.10.0-150400.3.3.1 updated - typelib-1_0-JavaScriptCore-4_1-2.38.5-150400.4.34.2 updated - typelib-1_0-NMA-1_0-1.8.40-150400.3.3.1 updated - typelib-1_0-Nautilus-3_0-41.5-150400.3.6.1 updated - typelib-1_0-Notify-0_7-0.7.12-150400.3.3.1 updated - typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.6.1 updated - typelib-1_0-Peas-1_0-1.32.0-150400.4.3.2 updated - typelib-1_0-PeasGtk-1_0-1.32.0-150400.4.3.2 updated - typelib-1_0-Rsvg-2_0-2.52.9-150400.3.3.1 updated - typelib-1_0-WebKit2-4_1-2.38.5-150400.4.34.2 updated - typelib-1_0-WebKit2WebExtension-4_1-2.38.5-150400.4.34.2 updated - webkit2gtk-4_1-injected-bundles-2.38.5-150400.4.34.2 updated - webkit2gtk3-devel-2.38.5-150400.4.34.2 updated - wireplumber-0.4.9-150400.3.3.2 updated - wireshark-devel-3.6.11-150000.3.83.1 updated - wireshark-ui-qt-3.6.11-150000.3.83.1 updated - xdg-desktop-portal-gnome-41.2-150400.3.3.1 updated - bouncycastle-pkix-1.64-3.3.1 added - build-20230215-150200.15.1 updated - build-mkbaselibs-20230215-150200.15.1 updated - ca-certificates-mozilla-prebuilt-2.60-150200.27.1 updated - gcc12-info-12.2.1+git416-150000.1.5.1 added - git-doc-2.35.3-150300.10.24.1 updated - glassfish-annotation-api-1.3.2-1.63 added - jsoup-1.15.3-150200.3.9.1 updated - kernel-docs-5.14.21-150400.24.46.2 updated - kernel-source-5.14.21-150400.24.46.1 updated - osc-0.182.0-150100.3.32.1 updated - python3-cached-property-1.5.2-150300.7.3.1 added - python3-osc-tiny-0.7.5-150300.7.3.1 added - python3-responses-0.21.0-150300.3.3.1 added - valgrind-client-headers-3.18.1-150400.3.3.1 updated - binutils-devel-32bit-2.39-150100.7.40.1 updated - bsdtar-3.5.1-150400.3.12.1 updated - cargo-1.67.0-150400.24.6.1 updated - cargo-auditable-0.5.2~0-150300.7.3.1 added - cargo1.65-1.65.0-150300.7.9.1 added - cargo1.66-1.66.0-150400.9.9.1 added - cargo1.67-1.67.0-150400.9.3.1 added - cpp12-12.2.1+git416-150000.1.5.1 added - cross-nvptx-gcc12-12.2.1+git416-150000.1.5.1 added - cross-nvptx-newlib12-devel-12.2.1+git416-150000.1.5.1 added - ctags-5.8-150000.3.3.1 updated - dpkg-1.19.0.4-150000.4.4.1 updated - dpkg-devel-1.19.0.4-150000.4.4.1 updated - dracut-kiwi-lib-9.24.43-150100.3.56.3 updated - dracut-kiwi-live-9.24.43-150100.3.56.3 updated - dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 updated - dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 updated - dracut-kiwi-overlay-9.24.43-150100.3.56.3 updated - gcc12-12.2.1+git416-150000.1.5.1 added - gcc12-32bit-12.2.1+git416-150000.1.5.1 added - gcc12-PIE-12.2.1+git416-150000.1.5.1 added - gcc12-c++-12.2.1+git416-150000.1.5.1 added - gcc12-c++-32bit-12.2.1+git416-150000.1.5.1 added - gcc12-fortran-12.2.1+git416-150000.1.5.1 added - gcc12-fortran-32bit-12.2.1+git416-150000.1.5.1 added - gcc12-locale-12.2.1+git416-150000.1.5.1 added - gcc12-testresults-12.2.1+git416-150000.1.5.3 added - gdb-12.1-150400.15.6.1 updated - gdbserver-12.1-150400.15.6.1 updated - git-2.35.3-150300.10.24.1 updated - git-arch-2.35.3-150300.10.24.1 updated - git-cvs-2.35.3-150300.10.24.1 updated - git-daemon-2.35.3-150300.10.24.1 updated - git-email-2.35.3-150300.10.24.1 updated - git-gui-2.35.3-150300.10.24.1 updated - git-svn-2.35.3-150300.10.24.1 updated - git-web-2.35.3-150300.10.24.1 updated - gitk-2.35.3-150300.10.24.1 updated - glade-catalog-libpeas-1.32.0-150400.4.3.2 updated - go1.18-1.18.9-150000.1.40.1 updated - go1.18-doc-1.18.9-150000.1.40.1 updated - go1.18-race-1.18.9-150000.1.40.1 updated - go1.19-1.19.4-150000.1.18.1 updated - go1.19-doc-1.19.4-150000.1.18.1 updated - go1.19-race-1.19.4-150000.1.18.1 updated - kernel-obs-build-5.14.21-150400.24.46.1 updated - kernel-syms-5.14.21-150400.24.46.1 updated - kiwi-man-pages-9.24.43-150100.3.56.3 updated - kiwi-pxeboot-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-bootloaders-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-containers-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-core-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-disk-images-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-filesystems-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-image-validation-9.24.43-150100.3.56.3 updated - kiwi-systemdeps-iso-media-9.24.43-150100.3.56.3 updated - kiwi-tools-9.24.43-150100.3.56.3 updated - libcmocka-devel-1.1.5-150400.3.2.3 added - libcmocka-devel-32bit-1.1.5-150400.3.2.3 added - libcmocka-devel-static-1.1.5-150400.3.2.3 added - libcmocka0-1.1.5-150400.3.2.3 added - libcmocka0-32bit-1.1.5-150400.3.2.3 added - libjavascriptcoregtk-5_0-0-2.38.5-150400.4.34.2 updated - libpfm-devel-static-4.11.0-150400.5.3.1 updated - libprotoc20-3.9.2-150200.4.19.2 updated - libsource-highlight-devel-3.1.8-150000.3.2.1 added - libsource-highlight4-3.1.8-150000.3.2.1 added - libstdc++6-devel-gcc12-12.2.1+git416-150000.1.5.1 added - libstdc++6-devel-gcc12-32bit-12.2.1+git416-150000.1.5.1 added - libvala-0_54-0-0.54.8-150400.3.3.1 updated - libwebkit2gtk-5_0-0-2.38.5-150400.4.34.2 updated - nvptx-tools-1.0-150000.4.6.1 updated - pam-devel-32bit-1.3.0-150000.6.61.1 updated - perl-Git-2.35.3-150300.10.24.1 updated - perl-PerlMagick-7.1.0.9-150400.6.12.1 updated - perl-apparmor-3.0.4-150400.5.3.1 updated - protobuf-devel-3.9.2-150200.4.19.2 updated - python3-kiwi-9.24.43-150100.3.56.3 updated - python3-tools-3.6.15-150300.10.37.2 updated - rpm-build-4.14.3-150300.52.1 updated - rpmlint-mini-1.10-150400.23.6.1 updated - rust-1.67.0-150400.24.6.1 updated - rust1.65-1.65.0-150300.7.9.1 added - rust1.66-1.66.0-150400.9.9.1 added - rust1.67-1.67.0-150400.9.3.1 added - typelib-1_0-JavaScriptCore-5_0-2.38.5-150400.4.34.2 updated - typelib-1_0-WebKit2-5_0-2.38.5-150400.4.34.2 updated - vala-0.54.8-150400.3.3.1 updated - valgrind-3.18.1-150400.3.3.1 updated - valgrind-devel-3.18.1-150400.3.3.1 updated - webkit2gtk-5_0-injected-bundles-2.38.5-150400.4.34.2 updated - xorg-x11-server-sdk-1.20.3-150400.38.16.1 updated - zlib-devel-32bit-1.2.11-150000.3.39.1 updated - release-notes-sle_hpc-15.400000000.20220930-150400.3.6.1 updated - slurm_22_05-config-22.05.5-150300.7.3.2 added - slurm_22_05-config-man-22.05.5-150300.7.3.2 added - slurm_22_05-doc-22.05.5-150300.7.3.2 added - slurm_22_05-webdoc-22.05.5-150300.7.3.2 added - libnss_slurm2_22_05-22.05.5-150300.7.3.2 added - libpmi0_22_05-22.05.5-150300.7.3.2 added - libslurm38-22.05.5-150300.7.3.2 added - mvapich2-psm2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 updated - mvapich2-psm2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 updated - mvapich2-psm2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 updated - mvapich2-psm_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 updated - mvapich2-psm_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 updated - mvapich2-psm_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 updated - mvapich2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 updated - mvapich2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 updated - mvapich2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 updated - pdsh-2.34-150300.38.1 updated - pdsh-dshgroup-2.34-150300.38.1 updated - pdsh-genders-2.34-150300.38.1 updated - pdsh-machines-2.34-150300.38.1 updated - pdsh-netgroup-2.34-150300.38.1 updated - pdsh-slurm-2.34-150300.38.1 updated - pdsh-slurm_22_05-2.34-150300.38.1 added - perl-slurm_22_05-22.05.5-150300.7.3.2 added - slurm_22_05-22.05.5-150300.7.3.2 added - slurm_22_05-auth-none-22.05.5-150300.7.3.2 added - slurm_22_05-cray-22.05.5-150300.7.3.2 added - slurm_22_05-devel-22.05.5-150300.7.3.2 added - slurm_22_05-lua-22.05.5-150300.7.3.2 added - slurm_22_05-munge-22.05.5-150300.7.3.2 added - slurm_22_05-node-22.05.5-150300.7.3.2 added - slurm_22_05-pam_slurm-22.05.5-150300.7.3.2 added - slurm_22_05-plugins-22.05.5-150300.7.3.2 added - slurm_22_05-rest-22.05.5-150300.7.3.2 added - slurm_22_05-slurmdbd-22.05.5-150300.7.3.2 added - slurm_22_05-sql-22.05.5-150300.7.3.2 added - slurm_22_05-sview-22.05.5-150300.7.3.2 added - slurm_22_05-torque-22.05.5-150300.7.3.2 added - postgresql-llvmjit-15-150400.4.6.2 updated - postgresql-llvmjit-devel-15-150400.4.6.2 updated - postgresql13-docs-13.9-150200.5.34.1 updated - apache2-mod_php7-7.4.33-150400.4.16.1 updated - java-1_8_0-ibm-1.8.0_sr7.20-150000.3.68.1 updated - java-1_8_0-ibm-alsa-1.8.0_sr7.20-150000.3.68.1 updated - java-1_8_0-ibm-devel-1.8.0_sr7.20-150000.3.68.1 updated - java-1_8_0-ibm-plugin-1.8.0_sr7.20-150000.3.68.1 updated - java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 updated - java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 updated - java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 updated - java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 updated - libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 updated - libopenssl10-1.0.2p-150000.3.65.1 updated - libopenssl1_0_0-1.0.2p-150000.3.65.1 updated - openssl-1_0_0-1.0.2p-150000.3.65.1 updated - php7-7.4.33-150400.4.16.1 updated - php7-bcmath-7.4.33-150400.4.16.1 updated - php7-bz2-7.4.33-150400.4.16.1 updated - php7-calendar-7.4.33-150400.4.16.1 updated - php7-cli-7.4.33-150400.4.16.1 updated - php7-ctype-7.4.33-150400.4.16.1 updated - php7-curl-7.4.33-150400.4.16.1 updated - php7-dba-7.4.33-150400.4.16.1 updated - php7-devel-7.4.33-150400.4.16.1 updated - php7-dom-7.4.33-150400.4.16.1 updated - php7-enchant-7.4.33-150400.4.16.1 updated - php7-exif-7.4.33-150400.4.16.1 updated - php7-fastcgi-7.4.33-150400.4.16.1 updated - php7-fileinfo-7.4.33-150400.4.16.1 updated - php7-fpm-7.4.33-150400.4.16.1 updated - php7-ftp-7.4.33-150400.4.16.1 updated - php7-gd-7.4.33-150400.4.16.1 updated - php7-gettext-7.4.33-150400.4.16.1 updated - php7-gmp-7.4.33-150400.4.16.1 updated - php7-iconv-7.4.33-150400.4.16.1 updated - php7-intl-7.4.33-150400.4.16.1 updated - php7-json-7.4.33-150400.4.16.1 updated - php7-ldap-7.4.33-150400.4.16.1 updated - php7-mbstring-7.4.33-150400.4.16.1 updated - php7-mysql-7.4.33-150400.4.16.1 updated - php7-odbc-7.4.33-150400.4.16.1 updated - php7-opcache-7.4.33-150400.4.16.1 updated - php7-openssl-7.4.33-150400.4.16.1 updated - php7-pcntl-7.4.33-150400.4.16.1 updated - php7-pdo-7.4.33-150400.4.16.1 updated - php7-pgsql-7.4.33-150400.4.16.1 updated - php7-phar-7.4.33-150400.4.16.1 updated - php7-posix-7.4.33-150400.4.16.1 updated - php7-readline-7.4.33-150400.4.16.1 updated - php7-shmop-7.4.33-150400.4.16.1 updated - php7-snmp-7.4.33-150400.4.16.1 updated - php7-soap-7.4.33-150400.4.16.1 updated - php7-sockets-7.4.33-150400.4.16.1 updated - php7-sodium-7.4.33-150400.4.16.1 updated - php7-sqlite-7.4.33-150400.4.16.1 updated - php7-sysvmsg-7.4.33-150400.4.16.1 updated - php7-sysvsem-7.4.33-150400.4.16.1 updated - php7-sysvshm-7.4.33-150400.4.16.1 updated - php7-tidy-7.4.33-150400.4.16.1 updated - php7-tokenizer-7.4.33-150400.4.16.1 updated - php7-xmlreader-7.4.33-150400.4.16.1 updated - php7-xmlrpc-7.4.33-150400.4.16.1 updated - php7-xmlwriter-7.4.33-150400.4.16.1 updated - php7-xsl-7.4.33-150400.4.16.1 updated - php7-zip-7.4.33-150400.4.16.1 updated - php7-zlib-7.4.33-150400.4.16.1 updated - postgresql13-13.9-150200.5.34.1 updated - postgresql13-contrib-13.9-150200.5.34.1 updated - postgresql13-devel-13.9-150200.5.34.1 updated - postgresql13-llvmjit-13.9-150200.5.34.1 updated - postgresql13-llvmjit-devel-13.9-150200.5.34.1 updated - postgresql13-plperl-13.9-150200.5.34.1 updated - postgresql13-plpython-13.9-150200.5.34.1 updated - postgresql13-pltcl-13.9-150200.5.34.1 updated - postgresql13-server-13.9-150200.5.34.1 updated - postgresql13-server-devel-13.9-150200.5.34.1 updated - reiserfs-kmp-default-5.14.21-150400.24.46.1 updated - lifecycle-data-sle-module-live-patching-15-150000.4.84.1 updated - kernel-default-livepatch-5.14.21-150400.24.46.1 updated - kernel-default-livepatch-devel-5.14.21-150400.24.46.1 updated - kernel-livepatch-5_14_21-150400_15_11-rt-1-150400.1.3.1 added - kernel-livepatch-5_14_21-150400_15_5-rt-2-150400.2.1 added - kernel-livepatch-5_14_21-150400_15_8-rt-1-150400.1.3.1 added - kernel-livepatch-5_14_21-150400_22-default-10-150400.4.2 updated - kernel-livepatch-5_14_21-150400_24_11-default-7-150400.2.1 updated - kernel-livepatch-5_14_21-150400_24_18-default-7-150400.2.1 updated - kernel-livepatch-5_14_21-150400_24_21-default-6-150400.2.1 updated - kernel-livepatch-5_14_21-150400_24_28-default-4-150400.2.1 added - kernel-livepatch-5_14_21-150400_24_33-default-3-150400.2.1 added - kernel-livepatch-5_14_21-150400_24_38-default-2-150400.2.1 added - kernel-livepatch-5_14_21-150400_24_41-default-1-150400.9.3.1 added - libpulp-tools-0.2.7-150400.3.9.1 updated - libpulp0-0.2.7-150400.3.9.1 updated - openssl-1_1-livepatches-0.1-150400.3.3.1 updated - aws-efs-utils-1.34.5-150100.4.11.1 updated - cloud-regionsrv-8.1.3-150300.11.9.1 updated - cloud-regionsrv-client-10.0.8-150000.6.86.1 updated - cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 updated - cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 updated - cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 updated - cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 updated - cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 updated - cloud-regionsrv-generic-config-1.0.0-150300.11.9.1 updated - google-guest-configs-20220211.00-150400.13.3.1 updated - kernel-devel-azure-5.14.21-150400.14.34.1 updated - kernel-source-azure-5.14.21-150400.14.34.1 updated - python-azure-agent-2.8.0.11-150100.3.26.1 updated - python3-cachetools-4.1.0-150200.3.4.1 added - python3-ec2imgutils-10.0.1-150200.6.7.1 updated - python3-ec2metadata-4.0.0-150000.3.9.1 updated - python3-google-auth-1.21.2-150300.3.6.1 added - python3-pyperclip-1.6.0-150000.3.3.1 updated - amazon-ecs-init-1.53.0-150100.4.13.1 updated - apache2-mod_wsgi-4.7.1-150400.3.3.1 updated - google-osconfig-agent-20220801.00-150000.1.24.1 added - kernel-azure-5.14.21-150400.14.34.1 updated - kernel-azure-devel-5.14.21-150400.14.34.1 updated - kernel-syms-azure-5.14.21-150400.14.34.1 updated - python3-crcmod-1.7-150200.5.6.1 updated - python3-protobuf-3.9.2-150200.4.19.2 updated - rmt-server-pubcloud-2.10-150400.3.9.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - python310-setuptools-57.4.0-150400.4.3.1 updated - libpython3_10-1_0-3.10.8-150400.4.15.1 updated - python310-3.10.8-150400.4.15.1 updated - python310-base-3.10.8-150400.4.15.1 updated - python310-curses-3.10.8-150400.4.15.1 updated - python310-dbm-3.10.8-150400.4.15.1 updated - python310-devel-3.10.8-150400.4.15.1 updated - python310-idle-3.10.8-150400.4.15.1 updated - python310-tk-3.10.8-150400.4.15.1 updated - python310-tools-3.10.8-150400.4.15.1 updated - kernel-devel-rt-5.14.21-150400.15.11.1 updated - kernel-source-rt-5.14.21-150400.15.11.1 updated - release-notes-sle_rt-15.4.20220930-150400.3.3.1 updated - cluster-md-kmp-rt-5.14.21-150400.15.11.1 updated - dlm-kmp-rt-5.14.21-150400.15.11.1 updated - gfs2-kmp-rt-5.14.21-150400.15.11.1 updated - kernel-rt-5.14.21-150400.15.11.1 updated - kernel-rt-devel-5.14.21-150400.15.11.1 updated - kernel-rt_debug-5.3.18-8.13.1 updated - kernel-rt_debug-devel-5.3.18-8.13.1 updated - kernel-syms-rt-5.14.21-150400.15.11.1 updated - ocfs2-kmp-rt-5.14.21-150400.15.11.1 updated - SAPHanaSR-0.162.1-150000.4.31.1 updated - SAPHanaSR-ScaleOut-0.184.1-150000.33.1 updated - SAPHanaSR-ScaleOut-doc-0.184.1-150000.33.1 updated - SAPHanaSR-doc-0.162.1-150000.4.31.1 updated - release-notes-sles-for-sap-15.4.20221130-150400.3.9.7 updated - saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1 updated - yast2-sap-ha-1.0.18-150000.3.14.1 updated - prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150200.3.21.1 updated - yast2-hana-update-1.2.2-150200.3.3.1 updated - apache2-doc-2.4.51-150400.6.6.1 updated - bind-doc-9.16.37-150400.5.17.1 updated - clone-master-clean-up-1.10-150100.3.17.1 updated - grub2-x86_64-xen-2.06-150400.11.17.1 updated - libvirt-doc-8.0.0-150400.7.3.1 updated - migrate-sles-to-sles4sap-15.1.2-150100.3.12.1 updated - nginx-source-1.21.5-150400.3.3.1 updated - postgresql-contrib-15-150400.4.6.2 updated - postgresql-devel-15-150400.4.6.2 updated - postgresql-docs-15-150400.4.6.2 updated - postgresql-jdbc-42.2.25-150400.3.9.2 updated - postgresql-plperl-15-150400.4.6.2 updated - postgresql-plpython-15-150400.4.6.2 updated - postgresql-pltcl-15-150400.4.6.2 updated - postgresql-server-15-150400.4.6.2 updated - postgresql-server-devel-15-150400.4.6.2 updated - postgresql14-docs-14.6-150200.5.20.2 updated - postgresql15-docs-15.1-150200.5.3.2 added - python3-service_identity-18.1.0-150200.3.5.1 updated - salt-fish-completion-3004-150400.8.20.1 updated - sapconf-5.0.5-150000.7.24.1 updated - virt-v2v-bash-completion-1.44.2-150400.3.3.1 updated - virt-v2v-man-pages-ja-1.44.2-150400.3.3.1 updated - virt-v2v-man-pages-uk-1.44.2-150400.3.3.1 updated - xen-tools-xendomains-wait-disk-4.16.3_02-150400.4.19.1 updated - 389-ds-2.0.17~git7.959d36e-150400.3.20.1 updated - 389-ds-devel-2.0.17~git7.959d36e-150400.3.20.1 updated - apache2-devel-2.4.51-150400.6.6.1 updated - apache2-mod_apparmor-3.0.4-150400.5.3.1 updated - apache2-mod_auth_openidc-2.3.8-150100.3.22.1 updated - apache2-mod_security2-2.9.4-150400.3.6.1 updated - apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 updated - apache2-worker-2.4.51-150400.6.6.1 updated - bind-9.16.37-150400.5.17.1 updated - dhcp-relay-4.3.6.P1-150000.6.17.1 updated - dhcp-server-4.3.6.P1-150000.6.17.1 updated - erlang-22.3-150300.3.3.1 updated - erlang-epmd-22.3-150300.3.3.1 updated - erlang-rabbitmq-client-3.8.11-150300.3.11.1 updated - freeradius-server-3.0.25-150400.4.4.1 updated - freeradius-server-devel-3.0.25-150400.4.4.1 updated - freeradius-server-krb5-3.0.25-150400.4.4.1 updated - freeradius-server-ldap-3.0.25-150400.4.4.1 updated - freeradius-server-libs-3.0.25-150400.4.4.1 updated - freeradius-server-mysql-3.0.25-150400.4.4.1 updated - freeradius-server-perl-3.0.25-150400.4.4.1 updated - freeradius-server-postgresql-3.0.25-150400.4.4.1 updated - freeradius-server-python3-3.0.25-150400.4.4.1 updated - freeradius-server-sqlite-3.0.25-150400.4.4.1 updated - freeradius-server-utils-3.0.25-150400.4.4.1 updated - frr-7.4-150300.4.12.1 updated - frr-devel-7.4-150300.4.12.1 updated - gtk-vnc-devel-1.3.1-150400.3.3.1 updated - krb5-plugin-kdb-ldap-1.19.2-150400.3.3.1 updated - krb5-server-1.19.2-150400.3.3.1 updated - lib389-2.0.17~git7.959d36e-150400.3.20.1 updated - libapr-util1-dbd-mysql-1.6.1-150300.18.5.1 updated - libapr-util1-dbd-pgsql-1.6.1-150300.18.5.1 updated - libapr-util1-dbd-sqlite3-1.6.1-150300.18.5.1 updated - libecpg6-15.1-150200.5.3.2 updated - libfrr0-7.4-150300.4.12.1 updated - libfrr_pb0-7.4-150300.4.12.1 updated - libfrrcares0-7.4-150300.4.12.1 updated - libfrrfpm_pb0-7.4-150300.4.12.1 updated - libfrrgrpc_pb0-7.4-150300.4.12.1 updated - libfrrospfapiclient0-7.4-150300.4.12.1 updated - libfrrsnmp0-7.4-150300.4.12.1 updated - libfrrzmq0-7.4-150300.4.12.1 updated - libgvncpulse-1_0-0-1.3.1-150400.3.3.1 updated - libmlag_pb0-7.4-150300.4.12.1 updated - libpowerman0-2.3.26-150400.3.2.1 updated - libsvrcore0-2.0.17~git7.959d36e-150400.3.20.1 updated - libteam-tools-1.27-150000.4.6.1 updated - libtpms-devel-0.8.2-150300.3.6.1 updated - libtpms0-0.8.2-150300.3.6.1 updated - libvirt-8.0.0-150400.7.3.1 updated - libvirt-client-8.0.0-150400.7.3.1 updated - libvirt-daemon-8.0.0-150400.7.3.1 updated - libvirt-daemon-config-network-8.0.0-150400.7.3.1 updated - libvirt-daemon-config-nwfilter-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-interface-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-libxl-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-network-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-nodedev-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-nwfilter-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-qemu-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-secret-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-core-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-disk-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-logical-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.3.1 updated - libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.3.1 updated - libvirt-daemon-hooks-8.0.0-150400.7.3.1 updated - libvirt-daemon-qemu-8.0.0-150400.7.3.1 updated - libvirt-daemon-xen-8.0.0-150400.7.3.1 updated - libvirt-devel-8.0.0-150400.7.3.1 updated - libvirt-lock-sanlock-8.0.0-150400.7.3.1 updated - libvirt-nss-8.0.0-150400.7.3.1 updated - nginx-1.21.5-150400.3.3.1 updated - openCryptoki-3.17.0-150400.4.8.1 updated - openCryptoki-devel-3.17.0-150400.4.8.1 updated - postgresql14-contrib-14.6-150200.5.20.2 updated - postgresql14-devel-14.6-150200.5.20.2 updated - postgresql14-plperl-14.6-150200.5.20.2 updated - postgresql14-plpython-14.6-150200.5.20.2 updated - postgresql14-pltcl-14.6-150200.5.20.2 updated - postgresql14-server-14.6-150200.5.20.2 updated - postgresql14-server-devel-14.6-150200.5.20.2 updated - postgresql15-contrib-15.1-150200.5.3.2 added - postgresql15-devel-15.1-150200.5.3.2 added - postgresql15-plperl-15.1-150200.5.3.2 added - postgresql15-plpython-15.1-150200.5.3.2 added - postgresql15-pltcl-15.1-150200.5.3.2 added - postgresql15-server-15.1-150200.5.3.2 added - postgresql15-server-devel-15.1-150200.5.3.2 added - powerman-2.3.26-150400.3.2.1 updated - python3-Twisted-22.2.0-150400.5.7.1 updated - rabbitmq-server-3.8.11-150300.3.11.1 updated - rabbitmq-server-plugins-3.8.11-150300.3.11.1 updated - rarpd-20211215-150400.3.3.2 updated - redis-6.2.6-150400.3.11.1 updated - rmt-server-2.10-150400.3.9.1 updated - rmt-server-config-2.10-150400.3.9.1 updated - rsyslog-module-gssapi-8.2106.0-150400.5.11.1 updated - rsyslog-module-gtls-8.2106.0-150400.5.11.1 updated - rsyslog-module-mmnormalize-8.2106.0-150400.5.11.1 updated - rsyslog-module-mysql-8.2106.0-150400.5.11.1 updated - rsyslog-module-pgsql-8.2106.0-150400.5.11.1 updated - rsyslog-module-relp-8.2106.0-150400.5.11.1 updated - rsyslog-module-snmp-8.2106.0-150400.5.11.1 updated - rsyslog-module-udpspoof-8.2106.0-150400.5.11.1 updated - salt-api-3004-150400.8.20.1 updated - salt-cloud-3004-150400.8.20.1 updated - salt-master-3004-150400.8.20.1 updated - salt-proxy-3004-150400.8.20.1 updated - salt-ssh-3004-150400.8.20.1 updated - salt-standalone-formulas-configuration-3004-150400.8.20.1 updated - salt-syndic-3004-150400.8.20.1 updated - typelib-1_0-GVnc-1_0-1.3.1-150400.3.3.1 updated - typelib-1_0-GVncPulse-1_0-1.3.1-150400.3.3.1 updated - typelib-1_0-GtkVnc-2_0-1.3.1-150400.3.3.1 updated - uuidd-2.37.2-150400.8.14.1 updated - virt-v2v-1.44.2-150400.3.3.1 updated - vsftpd-3.0.5-150400.3.6.1 updated - xen-4.16.3_02-150400.4.19.1 updated - xen-devel-4.16.3_02-150400.4.19.1 updated - xen-tools-4.16.3_02-150400.4.19.1 updated - salt-transactional-update-3004-150400.8.20.1 updated - nodejs16-docs-16.18.1-150400.3.12.1 updated - apache2-mod_php8-8.0.27-150400.4.23.1 updated - nodejs16-16.18.1-150400.3.12.1 updated - nodejs16-devel-16.18.1-150400.3.12.1 updated - npm16-16.18.1-150400.3.12.1 updated - php8-8.0.27-150400.4.23.1 updated - php8-bcmath-8.0.27-150400.4.23.1 updated - php8-bz2-8.0.27-150400.4.23.1 updated - php8-calendar-8.0.27-150400.4.23.1 updated - php8-cli-8.0.27-150400.4.23.1 updated - php8-ctype-8.0.27-150400.4.23.1 updated - php8-curl-8.0.27-150400.4.23.1 updated - php8-dba-8.0.27-150400.4.23.1 updated - php8-devel-8.0.27-150400.4.23.1 updated - php8-dom-8.0.27-150400.4.23.1 updated - php8-embed-8.0.27-150400.4.23.1 updated - php8-enchant-8.0.27-150400.4.23.1 updated - php8-exif-8.0.27-150400.4.23.1 updated - php8-fastcgi-8.0.27-150400.4.23.1 updated - php8-fileinfo-8.0.27-150400.4.23.1 updated - php8-fpm-8.0.27-150400.4.23.1 updated - php8-ftp-8.0.27-150400.4.23.1 updated - php8-gd-8.0.27-150400.4.23.1 updated - php8-gettext-8.0.27-150400.4.23.1 updated - php8-gmp-8.0.27-150400.4.23.1 updated - php8-iconv-8.0.27-150400.4.23.1 updated - php8-intl-8.0.27-150400.4.23.1 updated - php8-ldap-8.0.27-150400.4.23.1 updated - php8-mbstring-8.0.27-150400.4.23.1 updated - php8-mysql-8.0.27-150400.4.23.1 updated - php8-odbc-8.0.27-150400.4.23.1 updated - php8-opcache-8.0.27-150400.4.23.1 updated - php8-openssl-8.0.27-150400.4.23.1 updated - php8-pcntl-8.0.27-150400.4.23.1 updated - php8-pdo-8.0.27-150400.4.23.1 updated - php8-pgsql-8.0.27-150400.4.23.1 updated - php8-phar-8.0.27-150400.4.23.1 updated - php8-posix-8.0.27-150400.4.23.1 updated - php8-readline-8.0.27-150400.4.23.1 updated - php8-shmop-8.0.27-150400.4.23.1 updated - php8-snmp-8.0.27-150400.4.23.1 updated - php8-soap-8.0.27-150400.4.23.1 updated - php8-sockets-8.0.27-150400.4.23.1 updated - php8-sodium-8.0.27-150400.4.23.1 updated - php8-sqlite-8.0.27-150400.4.23.1 updated - php8-sysvmsg-8.0.27-150400.4.23.1 updated - php8-sysvsem-8.0.27-150400.4.23.1 updated - php8-sysvshm-8.0.27-150400.4.23.1 updated - php8-test-8.0.27-150400.4.23.1 updated - php8-tidy-8.0.27-150400.4.23.1 updated - php8-tokenizer-8.0.27-150400.4.23.1 updated - php8-xmlreader-8.0.27-150400.4.23.1 updated - php8-xmlwriter-8.0.27-150400.4.23.1 updated - php8-xsl-8.0.27-150400.4.23.1 updated - php8-zip-8.0.27-150400.4.23.1 updated - php8-zlib-8.0.27-150400.4.23.1 updated - crmsh-4.4.0+20221209.64abfaca-150400.3.12.1 updated - crmsh-scripts-4.4.0+20221209.64abfaca-150400.3.12.1 updated - monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.13.1 updated - pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.9.2 updated - python3-parallax-1.0.8-150200.4.9.2 updated - yast2-cluster-4.4.3-150400.3.3.2 updated - cluster-md-kmp-default-5.14.21-150400.24.46.1 updated - corosync-2.4.6-150300.12.10.1 updated - corosync-qdevice-2.4.6-150300.12.10.1 updated - corosync-qnetd-2.4.6-150300.12.10.1 updated - corosync-testagents-2.4.6-150300.12.10.1 updated - ctdb-4.15.13+git.591.ab36624310c-150400.3.19.1 updated - dlm-kmp-default-5.14.21-150400.24.46.1 updated - drbd-utils-9.19.0-150400.3.6.1 updated - gfs2-kmp-default-5.14.21-150400.24.46.1 updated - haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 updated - hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 updated - keepalived-2.2.2-150400.3.7.2 updated - ldirectord-4.10.0+git40.0f4de473-150400.3.13.1 updated - libcfg6-2.4.6-150300.12.10.1 updated - libcmap4-2.4.6-150300.12.10.1 updated - libcorosync-devel-2.4.6-150300.12.10.1 updated - libcorosync_common4-2.4.6-150300.12.10.1 updated - libcpg4-2.4.6-150300.12.10.1 updated - libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.9.2 updated - libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.9.2 updated - libquorum5-2.4.6-150300.12.10.1 updated - libsam4-2.4.6-150300.12.10.1 updated - libtotem_pg5-2.4.6-150300.12.10.1 updated - libvotequorum8-2.4.6-150300.12.10.1 updated - lvm2-lockd-2.03.05-150400.185.1 updated - ocfs2-kmp-default-5.14.21-150400.24.46.1 updated - ocfs2-tools-1.8.7-150400.6.3.1 updated - ocfs2-tools-o2cb-1.8.7-150400.6.3.1 updated - pacemaker-2.1.2+20211124.ada5c3b36-150400.4.9.2 updated - pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.9.2 updated - pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.9.2 updated - resource-agents-4.10.0+git40.0f4de473-150400.3.13.1 updated - ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.15.1 updated - ruby2.5-rubygem-activerecord-5_1-5.1.4-150000.5.6.1 updated - ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.12.1 updated - ruby2.5-rubygem-globalid-0.4.1-150000.3.3.1 updated - ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 updated - ruby2.5-rubygem-rack-2.0.8-150000.3.12.1 updated - ruby2.5-rubygem-websocket-extensions-0.1.3-150000.3.4.1 updated - sbd-1.5.1+20221128.8ec8e01-150400.3.3.1 updated - release-notes-sle_hpc-15.400000000.20220930-150400.3.6.1 added - release-notes-sle_rt-15.4.20220930-150400.3.3.1 added - release-notes-sled-15.4.20220930-150400.3.3.1 updated - release-notes-sles-15.4.20221130-150400.3.10.7 updated - release-notes-susemanager-proxy-4.3.4-150400.3.43.1 updated - release-notes-susemanager-proxy-4.3.4-150400.3.43.1 added - release-notes-susemanager-4.3.4-150400.3.43.1 updated - NetworkManager-applet-lang-1.24.0-150400.4.3.1 updated - evolution-data-server-lang-3.42.5-150400.3.3.2 updated - evolution-lang-3.42.4-150400.3.3.1 updated - folks-lang-0.15.5-150400.5.3.2 updated - gegl-0_4-lang-0.4.34-150400.3.2.1 updated - gimp-lang-2.10.30-150400.3.8.2 updated - gnome-music-lang-41.1-150400.3.6.1 updated - gnome-photos-lang-40.0-150400.4.2.1 updated - gnome-remote-desktop-lang-41.3-150400.3.3.1 updated - libgsf-lang-1.14.50-150400.3.3.1 updated - libnma-lang-1.8.40-150400.3.3.1 updated - libreoffice-branding-upstream-7.4.3.2-150400.17.3.8 updated - libreoffice-icon-themes-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-af-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ar-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-as-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-bg-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-bn-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-br-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ca-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ckb-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-cs-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-cy-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-da-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-de-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-dz-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-el-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-en-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-eo-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-es-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-et-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-eu-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-fa-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-fi-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-fr-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-fur-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ga-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-gl-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-gu-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-he-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-hi-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-hr-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-hu-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-it-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ja-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-kk-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-kn-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ko-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-lt-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-lv-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-mai-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ml-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-mr-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-nb-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-nl-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-nn-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-nr-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-nso-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-or-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-pa-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-pl-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-pt_BR-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-pt_PT-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ro-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ru-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-si-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-sk-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-sl-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-sr-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ss-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-st-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-sv-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ta-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-te-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-th-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-tn-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-tr-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ts-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-uk-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-ve-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-xh-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-zh_CN-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-zh_TW-7.4.3.2-150400.17.3.8 updated - libreoffice-l10n-zu-7.4.3.2-150400.17.3.8 updated - tracker-miners-lang-3.2.2-150400.3.3.1 updated - MozillaThunderbird-102.7.1-150200.8.102.1 updated - MozillaThunderbird-translations-common-102.7.1-150200.8.102.1 updated - MozillaThunderbird-translations-other-102.7.1-150200.8.102.1 updated - NetworkManager-applet-1.24.0-150400.4.3.1 updated - NetworkManager-connection-editor-1.24.0-150400.4.3.1 updated - PackageKit-gstreamer-plugin-1.2.4-150400.3.6.1 updated - PackageKit-gtk3-module-1.2.4-150400.3.6.1 updated - bluez-cups-5.62-150400.4.8.1 updated - evolution-3.42.4-150400.3.3.1 updated - evolution-data-server-3.42.5-150400.3.3.2 updated - evolution-data-server-devel-3.42.5-150400.3.3.2 updated - evolution-devel-3.42.4-150400.3.3.1 updated - evolution-plugin-bogofilter-3.42.4-150400.3.3.1 updated - evolution-plugin-pst-import-3.42.4-150400.3.3.1 updated - evolution-plugin-spamassassin-3.42.4-150400.3.3.1 updated - evolution-plugin-text-highlight-3.42.4-150400.3.3.1 updated - folks-data-0.15.5-150400.5.3.2 updated - folks-devel-0.15.5-150400.5.3.2 updated - freerdp-2.4.0-150400.3.18.1 updated - freerdp-devel-2.4.0-150400.3.18.1 updated - freerdp-proxy-2.4.0-150400.3.18.1 updated - gegl-0_4-0.4.34-150400.3.2.1 updated - gegl-devel-0.4.34-150400.3.2.1 updated - gimp-2.10.30-150400.3.8.2 updated - gimp-devel-2.10.30-150400.3.8.2 updated - gnome-control-center-color-41.7-150400.3.3.1 updated - gnome-control-center-goa-41.7-150400.3.3.1 updated - gnome-control-center-user-faces-41.7-150400.3.3.1 updated - gnome-music-41.1-150400.3.6.1 updated - gnome-photos-40.0-150400.4.2.1 updated - gnome-remote-desktop-41.3-150400.3.3.1 updated - gnome-session-wayland-41.3-150400.3.3.1 updated - gnome-shell-calendar-41.9-150400.3.3.2 updated - gnome-shell-search-provider-gnome-photos-40.0-150400.4.2.1 updated - kernel-default-extra-5.14.21-150400.24.46.1 updated - libXpm-tools-3.5.12-150000.3.7.2 updated - libavcodec-devel-3.4.2-150200.11.25.1 updated - libavformat-devel-3.4.2-150200.11.25.1 updated - libavformat57-3.4.2-150200.11.25.1 added - libavformat58_76-4.4-150400.3.11.1 added - libavresample-devel-3.4.2-150200.11.25.1 updated - libavresample3-3.4.2-150200.11.25.1 added - libcamel-1_2-63-3.42.5-150400.3.3.2 updated - libebackend-1_2-10-3.42.5-150400.3.3.2 updated - libebook-1_2-20-3.42.5-150400.3.3.2 updated - libebook-contacts-1_2-3-3.42.5-150400.3.3.2 updated - libecal-2_0-1-3.42.5-150400.3.3.2 updated - libedata-book-1_2-26-3.42.5-150400.3.3.2 updated - libedata-cal-2_0-1-3.42.5-150400.3.3.2 updated - libedataserver-1_2-26-3.42.5-150400.3.3.2 updated - libedataserverui-1_2-3-3.42.5-150400.3.3.2 updated - libfolks-eds26-0.15.5-150400.5.3.2 updated - libfolks-telepathy26-0.15.5-150400.5.3.2 updated - libfolks26-0.15.5-150400.5.3.2 updated - libfreerdp2-2.4.0-150400.3.18.1 updated - libgegl-0_4-0-0.4.34-150400.3.2.1 updated - libgexiv2-devel-0.14.0-150400.4.2.1 updated - libgimp-2_0-0-2.10.30-150400.3.8.2 updated - libgimpui-2_0-0-2.10.30-150400.3.8.2 updated - libgsf-devel-1.14.50-150400.3.3.1 updated - libmediaart-2_0-0-1.9.6-150400.3.3.1 updated - libmwaw-0_3-3-0.3.21-150000.4.17.7 updated - libnma-devel-1.8.40-150400.3.3.1 updated - libreoffice-7.4.3.2-150400.17.3.8 updated - libreoffice-base-7.4.3.2-150400.17.3.8 updated - libreoffice-base-drivers-postgresql-7.4.3.2-150400.17.3.8 updated - libreoffice-calc-7.4.3.2-150400.17.3.8 updated - libreoffice-calc-extensions-7.4.3.2-150400.17.3.8 updated - libreoffice-draw-7.4.3.2-150400.17.3.8 updated - libreoffice-filters-optional-7.4.3.2-150400.17.3.8 updated - libreoffice-gnome-7.4.3.2-150400.17.3.8 updated - libreoffice-gtk3-7.4.3.2-150400.17.3.8 updated - libreoffice-impress-7.4.3.2-150400.17.3.8 updated - libreoffice-mailmerge-7.4.3.2-150400.17.3.8 updated - libreoffice-math-7.4.3.2-150400.17.3.8 updated - libreoffice-officebean-7.4.3.2-150400.17.3.8 updated - libreoffice-pyuno-7.4.3.2-150400.17.3.8 updated - libreoffice-writer-7.4.3.2-150400.17.3.8 updated - libreoffice-writer-extensions-7.4.3.2-150400.17.3.8 updated - libreofficekit-7.4.3.2-150400.17.3.8 updated - libswscale5_9-4.4-150400.3.11.1 updated - libwinpr2-2.4.0-150400.3.18.1 updated - strongswan-nm-5.8.2-150400.19.3.3 updated - typelib-1_0-Camel-1_2-3.42.5-150400.3.3.2 updated - typelib-1_0-EBook-1_2-3.42.5-150400.3.3.2 updated - typelib-1_0-EBookContacts-1_2-3.42.5-150400.3.3.2 updated - typelib-1_0-ECal-2_0-3.42.5-150400.3.3.2 updated - typelib-1_0-EDataServer-1_2-3.42.5-150400.3.3.2 updated - typelib-1_0-EDataServerUI-1_2-3.42.5-150400.3.3.2 updated - typelib-1_0-Folks-0_7-0.15.5-150400.5.3.2 updated - typelib-1_0-FolksEds-0_7-0.15.5-150400.5.3.2 updated - typelib-1_0-FolksTelepathy-0_7-0.15.5-150400.5.3.2 updated - typelib-1_0-GExiv2-0_10-0.14.0-150400.4.2.1 updated - typelib-1_0-Gegl-0_4-0.4.34-150400.3.2.1 updated - typelib-1_0-Gsf-1-1.14.50-150400.3.3.1 updated - typelib-1_0-MediaArt-2_0-1.9.6-150400.3.3.1 updated - winpr2-devel-2.4.0-150400.3.18.1 updated - xorg-x11-server-wayland-1.20.3-150200.22.5.66.1 updated - xwayland-21.1.4-150400.3.9.1 updated - grub2-arm64-efi-2.06-150400.11.17.1 updated - hwdata-0.365-150000.3.54.1 added - supportutils-plugin-salt-1.2.0-150400.1.1 added - apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 added - apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 updated - apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 updated - dwz-0.12-150000.3.2.1 added - golang-github-boynux-squid_exporter-1.6-150000.1.9.1 updated - golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1 updated - prometheus-blackbox_exporter-0.19.0-150000.1.14.3 updated - rpm-build-4.14.3-150300.52.1 added - rpm-build-debuginfo-4.14.3-150300.52.1 updated - rpm-debuginfo-4.14.3-150300.52.1 updated - rpm-debugsource-4.14.3-150300.52.1 updated - antlr-java-2.7.7-16.63 added - apache-commons-cli-1.4-1.63 added - apache-commons-codec-1.11-1.63 added - apache-commons-compress-1.21-150200.3.7.1 added - apache-commons-lang3-3.8.1-1.63 added - base64coder-20101219-1.63 added - cal10n-0.7.7-9.64 added - dom4j-1.6.1-10.12 added - drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 added - geronimo-annotation-1_0-api-1.2-150200.15.2.1 added - geronimo-stax-1_0-api-1.2-150200.15.2.1 added - google-gson-2.8.9-150200.3.6.3 added - guava-30.1.1-150400.1.9 added - habootstrap-formula-0.4.4+git.1632747498.2caa677-3.20.1 added - httpcomponents-client-4.5.6-3.2.6 added - httpcomponents-core-4.4.10-3.2.6 added - hwdata-0.365-150000.3.54.1 added - isorelax-0.1-9.63 added - jackson-annotations-2.13.0-150200.3.6.1 added - jackson-core-2.13.0-150200.3.6.1 added - jackson-databind-2.13.4.2-150200.3.12.1 added - jaxen-1.1.1-10.63 added - jdom-1.1.3-10.63 added - joda-time-2.10.1-1.63 added - jsch-0.1.55-150400.2.15 added - jsr-305-3.0.2-150400.3.17 added - jzlib-1.1.3-9.63 added - libgsasl-lang-1.8.0-150400.3.3.1 added - mgr-push-4.3.4-150400.1.36 added - objectweb-asm-7.2-1.63 added - perl-Net-Telnet-3.04-1.25 added - python3-cachetools-4.1.0-150200.3.4.1 added - python3-debian-0.1.31-3.19 added - python3-google-auth-1.21.2-150300.3.6.1 added - python3-hwdata-2.3.5-150000.3.9.1 added - python3-jabberpy-0.5-1.24 added - python3-kubernetes-8.0.1-150100.3.7.1 added - python3-mgr-osa-common-4.3.6-150400.1.25 added - python3-mgr-push-4.3.4-150400.1.36 added - python3-oauth2client-gce-4.1.3-3.2.1 added - python3-python-debian-0.1.44-150400.9.3.1 added - python3-pyvmomi-6.7.3-3.2.1 added - python3-rhnlib-4.3.4-150400.1.15 added - python3-spacewalk-certs-tools-4.3.15-150400.3.6.2 added - python3-spacewalk-client-tools-4.3.12-150400.3.6.6 added - python3-suseRegisterInfo-4.3.3-150400.1.13 added - python3-urlgrabber-4.1.0-150400.3.6.1 added - relaxngDatatype-2011.1-8.63 added - salt-shaptools-0.3.11+git.1605797958.ae2f08a-3.6.1 added - saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1 added - sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 added - slf4j-1.7.30-1.34 added - snakeyaml-1.31-150200.3.8.1 added - spacecmd-4.3.15-150400.3.6.4 added - spacewalk-backend-4.3.16-150400.3.6.8 added - spacewalk-base-minimal-4.3.24-150400.3.6.4 added - spacewalk-base-minimal-config-4.3.24-150400.3.6.4 added - spacewalk-certs-tools-4.3.15-150400.3.6.2 added - spacewalk-client-tools-4.3.12-150400.3.6.6 added - spacewalk-setup-jabberd-4.3.1-150400.1.55 added - supportutils-plugin-salt-1.2.0-150400.1.1 added - suseRegisterInfo-4.3.3-150400.1.13 added - susemanager-build-keys-15.4.3-150400.3.6.1 added - susemanager-build-keys-web-15.4.3-150400.3.6.1 added - ws-jaxme-0.5.2-10.70 added - xom-1.2b1-10.63 added - xpp2-2.1.10-9.64 added - xpp3-1.1.4c-11.2.2 added - xpp3-minimal-1.1.4c-11.2.2 added - xstream-1.4.19-3.18.2 added - drbd-utils-9.19.0-150400.3.6.1 added - drbd-utils-debuginfo-9.19.0-150400.3.6.1 updated - drbd-utils-debugsource-9.19.0-150400.3.6.1 updated - dwz-0.12-150000.3.2.1 added - dwz-debuginfo-0.12-150000.3.2.1 added - dwz-debugsource-0.12-150000.3.2.1 added - fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.14.1 added - golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1 added - golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 added - golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 added - jabberd-2.7.0-150400.1.22 added - jabberd-db-2.7.0-150400.1.22 added - jabberd-db-debuginfo-2.7.0-150400.1.22 added - jabberd-debuginfo-2.7.0-150400.1.22 added - jabberd-debugsource-2.7.0-150400.1.22 added - jabberd-sqlite-2.7.0-150400.1.22 added - jabberd-sqlite-debuginfo-2.7.0-150400.1.22 added - libgsasl-debugsource-1.8.0-150400.3.3.1 added - libgsasl7-1.8.0-150400.3.3.1 added - libgsasl7-debuginfo-1.8.0-150400.3.3.1 added - libhttp_parser2_7_1-2.7.1-4.2.2 added - libmodulemd2-2.13.0-150400.1.8 added - libntlm-debugsource-1.4-150400.1.10 added - libntlm0-1.4-150400.1.10 added - libntlm0-debuginfo-1.4-150400.1.10 added - libudns0-0.4-0.150400.9.11 added - libudns0-debuginfo-0.4-0.150400.9.11 added - perl-DBD-Pg-3.10.4-150200.3.3.1 added - protobuf-debugsource-3.9.2-150200.4.19.2 updated - protobuf-java-3.9.2-150200.4.19.2 updated - python3-magic-5.32-150000.7.16.1 added - python3-multidict-4.5.2-1.24 added - python3-psycopg2-2.8.5-5.7.1 added - python3-uyuni-common-libs-4.3.6-150400.3.6.4 added - python3-yarl-1.3.0-3.3.1 added - rpm-build-4.14.3-150300.52.1 added - rpm-build-debuginfo-4.14.3-150300.52.1 added - rpm-debuginfo-4.14.3-150300.52.1 added - rpm-debugsource-4.14.3-150300.52.1 added - udns-0.4-0.150400.9.11 added - udns-debuginfo-0.4-0.150400.9.11 added - udns-debugsource-0.4-0.150400.9.11 added - uyuni-base-common-4.3.2-150400.1.21 added - venv-salt-minion-3004-150000.3.14.1 added